diff --git a/.postman/api b/.postman/api new file mode 100644 index 0000000..cedbf68 --- /dev/null +++ b/.postman/api @@ -0,0 +1,4 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY +apis[] = {"apiId":"b52009ed-62de-4025-b4f6-09f299d391ef"} +configVersion = 1.0.0 +type = api diff --git a/.postman/api_b52009ed-62de-4025-b4f6-09f299d391ef b/.postman/api_b52009ed-62de-4025-b4f6-09f299d391ef new file mode 100644 index 0000000..6f98965 --- /dev/null +++ b/.postman/api_b52009ed-62de-4025-b4f6-09f299d391ef @@ -0,0 +1,22 @@ +# THIS IS AN AUTOGENERATED FILE. DO NOT EDIT THIS FILE DIRECTLY +configVersion = 1.0.0 +type = apiEntityData + +[config] +id = b52009ed-62de-4025-b4f6-09f299d391ef + +[config.relations] + +[config.relations.collections] +rootDirectory = postman/collections +files[] = {"id":"26657441-95afe358-48b2-4169-8250-4d8bcc904ad4","path":"IdentityNow V3 Sync.json","metaData":{"generateCollectionPreferences":"{\"requestNameSource\":\"Fallback\",\"indentCharacter\":\"Space\",\"parametersResolution\":\"Example\",\"folderStrategy\":\"Tags\",\"includeAuthInfoInExample\":true,\"keepImplicitHeaders\":false,\"includeDeprecated\":true,\"updateCollectionSync\":true,\"requestParametersResolution\":\"Example\",\"exampleParametersResolution\":\"Example\"}"}} + +[config.relations.collections.metaData] + +[config.relations.apiDefinition] +rootDirectory = postman/schemas +files[] = {"path":"deref-sailpoint-api.v3.yaml","metaData":{}} + +[config.relations.apiDefinition.metaData] +type = openapi:3 +rootFiles[] = deref-sailpoint-api.v3.yaml diff --git a/postman/collections/IdentityNow V3 Sync.json b/postman/collections/IdentityNow V3 Sync.json new file mode 100644 index 0000000..1c74876 --- /dev/null +++ b/postman/collections/IdentityNow V3 Sync.json @@ -0,0 +1,66057 @@ +{ + "info": { + "_postman_id": "95afe358-48b2-4169-8250-4d8bcc904ad4", + "name": "IdentityNow V3 Sync", + "description": "Use these APIs to interact with the IdentityNow platform to achieve repeatable, automated processes with greater scalability. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.\n\nContact Support:\n Name: Developer Relations", + "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json", + "_uid": "26657441-95afe358-48b2-4169-8250-4d8bcc904ad4" + }, + "item": [ + { + "name": "Access Profiles", + "item": [ + { + "name": "List Access Profiles", + "id": "cbf5e41d-792a-49bb-8268-15a8db603b8f", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles?for-subadmin=8c190e6787aa4ed9a90bd9d5344523fb&limit=50&offset=0&count=true&filters=name eq \"SailPoint Support\"&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.\n\nA 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**requestable**: *eq*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "name eq \"SailPoint Support\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + }, + "description": "This API returns a list of Access Profiles.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API." + }, + "response": [ + { + "id": "e1ac732d-207b-4b17-ad38-b5afaa828741", + "name": "List of Access Profiles", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles?for-subadmin=8c190e6787aa4ed9a90bd9d5344523fb&limit=50&offset=0&count=true&filters=name eq \"SailPoint Support\"&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.\n\nA 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**requestable**: *eq*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "name eq \"SailPoint Support\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n },\n {\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n }\n]" + }, + { + "id": "af131fb5-c2f4-49cf-994a-18eac0815ad8", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles?for-subadmin=8c190e6787aa4ed9a90bd9d5344523fb&limit=50&offset=0&count=true&filters=name eq \"SailPoint Support\"&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.\n\nA 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**requestable**: *eq*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "name eq \"SailPoint Support\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5e3f2d6b-be5f-4638-a22e-f43ac660982e", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles?for-subadmin=8c190e6787aa4ed9a90bd9d5344523fb&limit=50&offset=0&count=true&filters=name eq \"SailPoint Support\"&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.\n\nA 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**requestable**: *eq*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "name eq \"SailPoint Support\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "40b7b83e-169a-4942-82c0-9f82c320ee9a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles?for-subadmin=8c190e6787aa4ed9a90bd9d5344523fb&limit=50&offset=0&count=true&filters=name eq \"SailPoint Support\"&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.\n\nA 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**requestable**: *eq*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "name eq \"SailPoint Support\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "910e2704-ac8b-4320-98d4-f2b5f2a570fa", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles?for-subadmin=8c190e6787aa4ed9a90bd9d5344523fb&limit=50&offset=0&count=true&filters=name eq \"SailPoint Support\"&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.\n\nA 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**requestable**: *eq*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "name eq \"SailPoint Support\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "36f52ddb-dbb1-4fb2-a661-9d2564a2c459", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles?for-subadmin=8c190e6787aa4ed9a90bd9d5344523fb&limit=50&offset=0&count=true&filters=name eq \"SailPoint Support\"&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID.\n\nA 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**requestable**: *eq*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "name eq \"SailPoint Support\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create an Access Profile", + "id": "854596dd-095f-475a-9744-f967f2c86b59", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ] + }, + "description": "This API creates an Access Profile.\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the Access Profile's Source.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters." + }, + "response": [ + { + "id": "745be9dd-a0cb-4c5f-8e70-3e21f5168c57", + "name": "Access Profile created", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ] + } + }, + "status": "Created", + "code": 201, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n}" + }, + { + "id": "dc8eca61-8eef-4b90-a159-4d697ac4e0d7", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "4c934858-f736-4766-8877-b50d097d355d", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "358322db-0a31-4334-a56e-bb54b857f01e", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "ccea38d7-ede9-4c05-8185-e8134172d7c4", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "983171bd-6da4-4b36-9eb3-157e92191cb0", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get an Access Profile", + "id": "4b57c43e-58c8-4cb6-ae4e-a2c205d74891", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c9180837ca6693d017ca8d097500149" + } + ] + }, + "description": "This API returns an Access Profile by its ID.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API." + }, + "response": [ + { + "id": "5eb6eda3-59a3-4d46-be0a-43478ce64951", + "name": "An AccessProfile", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n}" + }, + { + "id": "0303b0cd-b548-4122-bbed-1a076481e933", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "29a28c1c-e0a5-468f-806a-a45d878b1db8", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "4f0084cd-db28-4ad9-bbb2-a6d3de589779", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "f18c3f89-0796-4704-8ff7-4fa6f73a7237", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "9a587e16-fe91-42d6-8353-37dbbb4874f4", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Patch a specified Access Profile", + "id": "ea57f15e-2a74-4ebe-abbd-fb9be6bdf48e", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/entitlements\",\n \"value\": [\n {\n \"id\": \"2c9180857725c14301772a93bb77242d\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"AD User Group\"\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c91808a7813090a017814121919ecca" + } + ] + }, + "description": "This API updates an existing Access Profile. The following fields are patchable:\n**name**, **description**, **enabled**, **owner**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**, **entitlements**, **provisioningCriteria**\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer.\n> The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.\n\n> You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.\n\n> Patching the value of the **requestable** field is only supported for customers enabled with the new Request Center. Otherwise, attempting to modify this field results in a 400 error." + }, + "response": [ + { + "id": "523929e1-3c27-4bd9-8b8f-25f9e9949220", + "name": "Responds with the Access Profile as updated.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/entitlements\",\n \"value\": [\n {\n \"id\": \"2c9180857725c14301772a93bb77242d\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"AD User Group\"\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"name\": \"Employee-database-read-write\",\n \"source\": {\n \"id\": \"2c91809773dee3610173fdb0b6061ef4\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-SOURCE\"\n },\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"enabled\": true,\n \"entitlements\": [\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n },\n {\n \"id\": \"2c91809773dee32014e13e122092014e\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local\"\n }\n ],\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"provisioningCriteria\": {\n \"operation\": \"OR\",\n \"children\": [\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"CONTAINS\",\n \"value\": \"useast\"\n },\n {\n \"attribute\": \"manager\",\n \"operation\": \"CONTAINS\",\n \"value\": \"Scott.Clark\"\n }\n ]\n },\n {\n \"operation\": \"AND\",\n \"children\": [\n {\n \"attribute\": \"dn\",\n \"operation\": \"EQUALS\",\n \"value\": \"Gibson\"\n },\n {\n \"attribute\": \"telephoneNumber\",\n \"operation\": \"CONTAINS\",\n \"value\": \"512\"\n }\n ]\n }\n ]\n }\n}" + }, + { + "id": "5adf92bf-390d-42cc-8772-8c624c078daf", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/entitlements\",\n \"value\": [\n {\n \"id\": \"2c9180857725c14301772a93bb77242d\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"AD User Group\"\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "2be190e7-6d35-4a8d-8300-ae840e136041", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/entitlements\",\n \"value\": [\n {\n \"id\": \"2c9180857725c14301772a93bb77242d\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"AD User Group\"\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "680bdb47-6015-4a31-b43a-a98a8e854427", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/entitlements\",\n \"value\": [\n {\n \"id\": \"2c9180857725c14301772a93bb77242d\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"AD User Group\"\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "7fa9abae-2d9e-43de-b086-f770e0180587", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/entitlements\",\n \"value\": [\n {\n \"id\": \"2c9180857725c14301772a93bb77242d\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"AD User Group\"\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "49740a88-b471-4d59-89fe-b985ac5459b9", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/entitlements\",\n \"value\": [\n {\n \"id\": \"2c9180857725c14301772a93bb77242d\",\n \"type\": \"ENTITLEMENT\",\n \"name\": \"AD User Group\"\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Access Profile(s)", + "id": "5c671024-4c42-4721-aa11-ca1f540008ea", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"bestEffortOnly\": true,\n \"accessProfileIds\": [\n \"2c91808876438bb2017668b91919ecca\",\n \"2c91808876438ba801766e129f151816\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + "bulk-delete" + ] + }, + "description": "This API initiates a bulk deletion of one or more Access Profiles.\n\nBy default, if any of the indicated Access Profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated Access Profiles will be deleted.\n\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to delete Access Profiles which are associated with Sources they are able to administer." + }, + "response": [ + { + "id": "04e993f4-8ffa-45f9-952c-fb4bef80a836", + "name": "Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"bestEffortOnly\": true,\n \"accessProfileIds\": [\n \"2c91808876438bb2017668b91919ecca\",\n \"2c91808876438ba801766e129f151816\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + "bulk-delete" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"pending\": [],\n \"inUse\": [\n {\n \"accessProfileId\": \"2c91808876438ba801766e129f151816\",\n \"usages\": [\n {\n \"type\": \"Role\",\n \"id\": \"2c9180887643764201766e9f6e121518\"\n }\n ]\n }\n ]\n}" + }, + { + "id": "6dbad644-4f58-4efd-a969-cbfbae2ab16a", + "name": "Returned if at least one deletion will be performed.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"bestEffortOnly\": true,\n \"accessProfileIds\": [\n \"2c91808876438bb2017668b91919ecca\",\n \"2c91808876438ba801766e129f151816\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + "bulk-delete" + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"taskId\": \"2c91808a7813090a01781412a1119a20\",\n \"pending\": [\n \"2c91808a7813090a017813fe1919ecca\"\n ],\n \"inUse\": [\n {\n \"accessProfileId\": \"2c91808876438ba801766e129f151816\",\n \"usages\": [\n {\n \"type\": \"Role\",\n \"id\": \"2c9180887643764201766e9f6e121518\"\n }\n ]\n }\n ]\n}" + }, + { + "id": "729934c7-8ff5-410e-919d-93e13a6b3e42", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"bestEffortOnly\": true,\n \"accessProfileIds\": [\n \"2c91808876438bb2017668b91919ecca\",\n \"2c91808876438ba801766e129f151816\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + "bulk-delete" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "47fd3f34-14d6-4206-9359-f897df7abd72", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"bestEffortOnly\": true,\n \"accessProfileIds\": [\n \"2c91808876438bb2017668b91919ecca\",\n \"2c91808876438ba801766e129f151816\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + "bulk-delete" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "b0a44913-a005-4737-8057-8354c52a418d", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"bestEffortOnly\": true,\n \"accessProfileIds\": [\n \"2c91808876438bb2017668b91919ecca\",\n \"2c91808876438ba801766e129f151816\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + "bulk-delete" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "63f9d74e-958c-4a0b-9709-584eacdd245f", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"bestEffortOnly\": true,\n \"accessProfileIds\": [\n \"2c91808876438bb2017668b91919ecca\",\n \"2c91808876438ba801766e129f151816\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + "bulk-delete" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "baec71b3-fe5e-4ce9-a4a6-8a1b16a868a9", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"bestEffortOnly\": true,\n \"accessProfileIds\": [\n \"2c91808876438bb2017668b91919ecca\",\n \"2c91808876438ba801766e129f151816\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-profiles/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + "bulk-delete" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "List Access Profile's Entitlements", + "id": "70f00a09-f3d1-4d19-b025-3dad622de474", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id/entitlements?limit=250&offset=0&count=true&filters=attribute eq \"memberOf\"&sorters=name,-modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following Entitlement fields and operators:\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**attribute**: *eq, sw*\n\n**value**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "attribute eq \"memberOf\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, attribute, value, created, modified**", + "key": "sorters", + "value": "name,-modified" + } + ], + "variable": [ + { + "key": "id", + "value": "2c91808a7813090a017814121919ecca" + } + ] + }, + "description": "This API lists the Entitlements associated with a given Access Profile\n\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a token with SOURCE_SUBADMIN authority must have access to the Source associated with the given Access Profile" + }, + "response": [ + { + "id": "830f08ef-0a00-4f3b-b29f-00dad03826a4", + "name": "List of Entitlements", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id/entitlements?limit=250&offset=0&count=true&filters=attribute eq \"memberOf\"&sorters=name,-modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following Entitlement fields and operators:\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**attribute**: *eq, sw*\n\n**value**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "attribute eq \"memberOf\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, attribute, value, created, modified**", + "key": "sorters", + "value": "name,-modified" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c91808874ff91550175097daaec161c\",\n \"name\": \"LauncherTest2\",\n \"attribute\": \"memberOf\",\n \"value\": \"CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local\",\n \"sourceSchemaObjectType\": \"group\",\n \"description\": \"CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local\",\n \"privileged\": true,\n \"cloudGoverned\": true,\n \"created\": \"2020-10-08T18:33:52.029Z\",\n \"modified\": \"2020-10-08T18:33:52.029Z\",\n \"source\": {\n \"id\": \"2c9180827ca885d7017ca8ce28a000eb\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-Source\"\n },\n \"attributes\": {\n \"fieldName\": \"fieldValue\"\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"directPermissions\": [\n {\n \"rights\": [\n \"SELECT\",\n \"SELECT\"\n ],\n \"target\": \"SYS.GV_$TRANSACTION\"\n },\n {\n \"rights\": [\n \"SELECT\",\n \"SELECT\"\n ],\n \"target\": \"SYS.GV_$TRANSACTION\"\n }\n ]\n },\n {\n \"id\": \"2c91808874ff91550175097daaec161c\",\n \"name\": \"LauncherTest2\",\n \"attribute\": \"memberOf\",\n \"value\": \"CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local\",\n \"sourceSchemaObjectType\": \"group\",\n \"description\": \"CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local\",\n \"privileged\": true,\n \"cloudGoverned\": true,\n \"created\": \"2020-10-08T18:33:52.029Z\",\n \"modified\": \"2020-10-08T18:33:52.029Z\",\n \"source\": {\n \"id\": \"2c9180827ca885d7017ca8ce28a000eb\",\n \"type\": \"SOURCE\",\n \"name\": \"ODS-AD-Source\"\n },\n \"attributes\": {\n \"fieldName\": \"fieldValue\"\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ],\n \"directPermissions\": [\n {\n \"rights\": [\n \"SELECT\",\n \"SELECT\"\n ],\n \"target\": \"SYS.GV_$TRANSACTION\"\n },\n {\n \"rights\": [\n \"SELECT\",\n \"SELECT\"\n ],\n \"target\": \"SYS.GV_$TRANSACTION\"\n }\n ]\n }\n]" + }, + { + "id": "f481e4d5-4b55-4c72-bda1-b71dfbf5f32a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id/entitlements?limit=250&offset=0&count=true&filters=attribute eq \"memberOf\"&sorters=name,-modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following Entitlement fields and operators:\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**attribute**: *eq, sw*\n\n**value**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "attribute eq \"memberOf\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, attribute, value, created, modified**", + "key": "sorters", + "value": "name,-modified" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "c9b22e0b-0abc-42bc-b24c-b8cedb665648", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id/entitlements?limit=250&offset=0&count=true&filters=attribute eq \"memberOf\"&sorters=name,-modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following Entitlement fields and operators:\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**attribute**: *eq, sw*\n\n**value**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "attribute eq \"memberOf\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, attribute, value, created, modified**", + "key": "sorters", + "value": "name,-modified" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "427147de-54fb-4982-9460-91a553b4f29a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id/entitlements?limit=250&offset=0&count=true&filters=attribute eq \"memberOf\"&sorters=name,-modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following Entitlement fields and operators:\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**attribute**: *eq, sw*\n\n**value**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "attribute eq \"memberOf\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, attribute, value, created, modified**", + "key": "sorters", + "value": "name,-modified" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "e3ae5d75-bd67-4d95-b619-96382a2fc5cc", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id/entitlements?limit=250&offset=0&count=true&filters=attribute eq \"memberOf\"&sorters=name,-modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following Entitlement fields and operators:\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**attribute**: *eq, sw*\n\n**value**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "attribute eq \"memberOf\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, attribute, value, created, modified**", + "key": "sorters", + "value": "name,-modified" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "a35fecc8-da82-41a9-acb7-506a78eabfc7", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-profiles/:id/entitlements?limit=250&offset=0&count=true&filters=attribute eq \"memberOf\"&sorters=name,-modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-profiles", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following Entitlement fields and operators:\n**id**: *eq, in*\n\n**name**: *eq, sw*\n\n**attribute**: *eq, sw*\n\n**value**: *eq, sw*\n\n**created, modified**: *gt, lt, ge, le*\n\n**owner.id**: *eq, in*\n\n**source.id**: *eq, in*", + "key": "filters", + "value": "attribute eq \"memberOf\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name, attribute, value, created, modified**", + "key": "sorters", + "value": "name,-modified" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "dbfe3cce-2f16-408b-bb4f-0644c35c170a", + "description": "Use this API to implement and customize access profile functionality. \nWith this functionality in place, administrators can create access profiles and configure them for use throughout IdentityNow, enabling users to get the access they need quickly and securely.\n\nAccess profiles group entitlements, which represent access rights on sources. \n\nFor example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.\n\nAn administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.\n\nWhen users only need Active Directory employee access, they can request access to the 'Employees' entitlement.\n\nWhen users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.\n\nAccess profiles are the most important units of access in IdentityNow. IdentityNow uses access profiles in many features, including the following:\n\n- Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles.\n\n- Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements. \n\n- Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile.\n\n- Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role. \n\nIn IdentityNow, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones. \nAdministrators can enable and disable an access profile, and they can also make the following configurations: \n\n- Manage Entitlements: Manage the profile's access by adding and removing entitlements. \n\n- Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked. \nDo not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile.\n\n- Multiple Account Options: Define the logic IdentityNow uses to provision access to an identity with multiple accounts on the source. \n\nRefer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles.\n" + }, + { + "name": "Access Request Approvals", + "item": [ + { + "name": "Pending Access Request Approvals List", + "id": "89ea44ef-1180-4f27-b86d-f10ffe91f4db", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/pending?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "pending" + ], + "query": [ + { + "description": "If present, the value returns only pending approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + }, + "description": "This endpoint returns a list of pending approvals. See \"owner-id\" query parameter below for authorization info." + }, + "response": [ + { + "id": "cf9460b4-29fd-42b7-8c03-381033e22881", + "name": "List of Pending Approvals.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/pending?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "pending" + ], + "query": [ + { + "description": "If present, the value returns only pending approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"id12345\",\n \"name\": \"aName\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-07-25T20:22:28.104Z\",\n \"requestCreated\": \"2017-07-11T18:45:35.098Z\",\n \"requestType\": \"GRANT_ACCESS\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requestedFor\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requestedObject\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Applied Research Access\",\n \"description\": \"Access to research information, lab results, and schematics\",\n \"type\": \"ROLE\"\n },\n \"requesterComment\": {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n \"previousReviewersComments\": [\n {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n }\n ],\n \"forwardHistory\": [\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n },\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n }\n ],\n \"commentRequiredWhenRejected\": true,\n \"actionInProcess\": \"APPROVED\",\n \"removeDate\": \"2020-07-11T00:00:00Z\",\n \"removeDateUpdateRequested\": true,\n \"currentRemoveDate\": \"2020-07-11T00:00:00Z\",\n \"sodViolationContext\": {\n \"state\": \"SUCCESS\",\n \"uuid\": \"f73d16e9-a038-46c5-b217-1246e15fdbdd\",\n \"violationCheckResult\": {\n \"message\": {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"violationContexts\": [\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n },\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n }\n ],\n \"violatedPolicies\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n }\n ]\n }\n }\n },\n {\n \"id\": \"id12345\",\n \"name\": \"aName\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-07-25T20:22:28.104Z\",\n \"requestCreated\": \"2017-07-11T18:45:35.098Z\",\n \"requestType\": \"GRANT_ACCESS\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requestedFor\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requestedObject\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Applied Research Access\",\n \"description\": \"Access to research information, lab results, and schematics\",\n \"type\": \"ROLE\"\n },\n \"requesterComment\": {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n \"previousReviewersComments\": [\n {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n }\n ],\n \"forwardHistory\": [\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n },\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n }\n ],\n \"commentRequiredWhenRejected\": true,\n \"actionInProcess\": \"APPROVED\",\n \"removeDate\": \"2020-07-11T00:00:00Z\",\n \"removeDateUpdateRequested\": true,\n \"currentRemoveDate\": \"2020-07-11T00:00:00Z\",\n \"sodViolationContext\": {\n \"state\": \"SUCCESS\",\n \"uuid\": \"f73d16e9-a038-46c5-b217-1246e15fdbdd\",\n \"violationCheckResult\": {\n \"message\": {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"violationContexts\": [\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n },\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n }\n ],\n \"violatedPolicies\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n }\n ]\n }\n }\n }\n]" + }, + { + "id": "62fb32d9-6968-46df-8073-541b1c3aefd3", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/pending?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "pending" + ], + "query": [ + { + "description": "If present, the value returns only pending approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "d2f90231-0112-49fb-8eba-081482a74a98", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/pending?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "pending" + ], + "query": [ + { + "description": "If present, the value returns only pending approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "4646001e-68b9-4a20-8514-9d5a2986eea6", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/pending?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "pending" + ], + "query": [ + { + "description": "If present, the value returns only pending approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "70f62b40-10a0-4828-ad65-6b37b0b28c0b", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/pending?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "pending" + ], + "query": [ + { + "description": "If present, the value returns only pending approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "e60f7531-f6b7-4d2c-a241-09691fc4b15f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/pending?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "pending" + ], + "query": [ + { + "description": "If present, the value returns only pending approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Completed Access Request Approvals List", + "id": "ea91aa33-b80d-4e4a-9f6d-2a4529cf2014", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/completed?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "completed" + ], + "query": [ + { + "description": "If present, the value returns only completed approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + }, + "description": "This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info." + }, + "response": [ + { + "id": "8a162cad-242d-45c8-8375-554b9ae79a61", + "name": "List of Completed Approvals.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/completed?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "completed" + ], + "query": [ + { + "description": "If present, the value returns only completed approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"id12345\",\n \"name\": \"aName\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-07-25T20:22:28.104Z\",\n \"requestCreated\": \"2017-07-11T18:45:35.098Z\",\n \"requestType\": \"GRANT_ACCESS\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requestedFor\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"reviewedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requestedObject\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Applied Research Access\",\n \"description\": \"Access to research information, lab results, and schematics\",\n \"type\": \"ROLE\"\n },\n \"requesterComment\": {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n \"reviewerComment\": {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n \"previousReviewersComments\": [\n {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n }\n ],\n \"forwardHistory\": [\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n },\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n }\n ],\n \"commentRequiredWhenRejected\": true,\n \"state\": \"APPROVED\",\n \"removeDate\": \"2020-07-11T00:00:00Z\",\n \"removeDateUpdateRequested\": true,\n \"currentRemoveDate\": \"2020-07-11T00:00:00Z\",\n \"sodViolationContext\": {\n \"state\": \"SUCCESS\",\n \"uuid\": \"f73d16e9-a038-46c5-b217-1246e15fdbdd\",\n \"violationCheckResult\": {\n \"message\": {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"violationContexts\": [\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n },\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n }\n ],\n \"violatedPolicies\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n }\n ]\n }\n }\n },\n {\n \"id\": \"id12345\",\n \"name\": \"aName\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-07-25T20:22:28.104Z\",\n \"requestCreated\": \"2017-07-11T18:45:35.098Z\",\n \"requestType\": \"GRANT_ACCESS\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requestedFor\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"reviewedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requestedObject\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Applied Research Access\",\n \"description\": \"Access to research information, lab results, and schematics\",\n \"type\": \"ROLE\"\n },\n \"requesterComment\": {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n \"reviewerComment\": {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n \"previousReviewersComments\": [\n {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n }\n ],\n \"forwardHistory\": [\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n },\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n }\n ],\n \"commentRequiredWhenRejected\": true,\n \"state\": \"APPROVED\",\n \"removeDate\": \"2020-07-11T00:00:00Z\",\n \"removeDateUpdateRequested\": true,\n \"currentRemoveDate\": \"2020-07-11T00:00:00Z\",\n \"sodViolationContext\": {\n \"state\": \"SUCCESS\",\n \"uuid\": \"f73d16e9-a038-46c5-b217-1246e15fdbdd\",\n \"violationCheckResult\": {\n \"message\": {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"violationContexts\": [\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n },\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n }\n ],\n \"violatedPolicies\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n }\n ]\n }\n }\n }\n]" + }, + { + "id": "49f2c0a2-f043-40ed-85db-dc0a39539a19", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/completed?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "completed" + ], + "query": [ + { + "description": "If present, the value returns only completed approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "2bf16dcd-1427-4a58-8170-97bcedd82358", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/completed?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "completed" + ], + "query": [ + { + "description": "If present, the value returns only completed approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "f3515dff-fb34-42c4-8361-7b2fbfe21ac3", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/completed?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "completed" + ], + "query": [ + { + "description": "If present, the value returns only completed approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "2f5e000e-94d4-4b28-99ce-f4b7d394f3bb", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/completed?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "completed" + ], + "query": [ + { + "description": "If present, the value returns only completed approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "892668cf-b7a6-43e8-8508-18aada57c79f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/completed?owner-id=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=id eq \"2c91808568c529c60168cca6f90c1313\"&sorters=modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "completed" + ], + "query": [ + { + "description": "If present, the value returns only completed approvals for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN users can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non-ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**requestedFor.id**: *eq, in*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "id eq \"2c91808568c529c60168cca6f90c1313\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "modified" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Approves an access request approval.", + "id": "ea42dee9-717b-40e4-b6d3-b075cff170cb", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "approve" + ], + "variable": [ + { + "key": "approvalId", + "value": "2c91808b7294bea301729568c68c002e" + } + ] + }, + "description": "This endpoint approves an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action." + }, + "response": [ + { + "id": "9e26fd63-f8e6-4062-afd3-afff8da5f398", + "name": "Accepted - Returned if the request was successfully accepted into the system.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "approve" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{}" + }, + { + "id": "238ecf10-bd8a-4f71-af5e-7bd52e96f956", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "approve" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "cb05dec1-18af-40d0-a53b-375bf9ce1ce4", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "approve" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "7058cd45-612a-4c3b-ab4b-82f8e685428a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "approve" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "32368e52-3364-4b0b-9091-9b2d023b72de", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "approve" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "51054a42-dd7a-4477-932d-77b37dcad885", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "approve" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "a4201ba8-8f77-4956-ab1d-80f9b89a1d3b", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "approve" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Rejects an access request approval.", + "id": "26f17dc8-09a2-440e-9a63-6fe1552cd069", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "reject" + ], + "variable": [ + { + "key": "approvalId", + "value": "2c91808b7294bea301729568c68c002e" + } + ] + }, + "description": "This endpoint rejects an access request approval. Only the owner of the approval and admin users are allowed to perform this action." + }, + "response": [ + { + "id": "01ceb80f-f5ce-4305-a8ac-a355eb2e912c", + "name": "Accepted - Returned if the request was successfully accepted into the system.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "reject" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{}" + }, + { + "id": "e2986d55-0842-41ea-a859-3c870e9e4605", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "reject" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "c05c1836-ff37-46f9-9b84-1bf91742cd82", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "reject" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "916e26bd-f5c3-44ce-aee4-d76f6c6cfc59", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "reject" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "c1d8f159-c90a-46a3-a146-8892ea53d849", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "reject" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "7b55af0b-5753-4f6a-9ccd-da205242dd35", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "reject" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "07c890a7-8ef2-4c4c-b294-9207040c5fca", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "reject" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Forwards an access request approval.", + "id": "f044430c-72f8-496b-90ca-da778ce05cee", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"newOwnerId\": \"2c91808568c529c60168cca6f90c1314\",\n \"comment\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/forward", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "forward" + ], + "variable": [ + { + "key": "approvalId", + "value": "2c91808b7294bea301729568c68c002e" + } + ] + }, + "description": "This endpoint forwards an access request approval to a new owner. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action." + }, + "response": [ + { + "id": "6cb37798-b78e-478b-a92a-c64ac8ce9e87", + "name": "Accepted - Returned if the request was successfully accepted into the system.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"newOwnerId\": \"2c91808568c529c60168cca6f90c1314\",\n \"comment\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/forward", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "forward" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{}" + }, + { + "id": "aa7126ba-d708-48d6-9c36-a22b13ca4c45", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"newOwnerId\": \"2c91808568c529c60168cca6f90c1314\",\n \"comment\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/forward", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "forward" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "28377eea-2d4a-4926-96aa-7d29a3967106", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"newOwnerId\": \"2c91808568c529c60168cca6f90c1314\",\n \"comment\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/forward", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "forward" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "53b7518e-cef4-4f18-9d7a-9d3d4ce26985", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"newOwnerId\": \"2c91808568c529c60168cca6f90c1314\",\n \"comment\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/forward", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "forward" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "c925885d-218e-46ec-bac2-e03edfcf7a87", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"newOwnerId\": \"2c91808568c529c60168cca6f90c1314\",\n \"comment\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/forward", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "forward" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "1d3583cd-9a54-49f9-826f-d4224d827e20", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"newOwnerId\": \"2c91808568c529c60168cca6f90c1314\",\n \"comment\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/forward", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "forward" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "095b0edc-510d-4bb9-af6e-d6a3abeb54bd", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"newOwnerId\": \"2c91808568c529c60168cca6f90c1314\",\n \"comment\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-approvals/:approvalId/forward", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + ":approvalId", + "forward" + ], + "variable": [ + { + "key": "approvalId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get the number of access-requests-approvals", + "id": "22abe6aa-6715-49ce-9b59-f6e5dcd88090", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/approval-summary?owner-id=2c91808568c529c60168cca6f90c1313&from-date=from-date=2020-03-19T19:59:11Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "approval-summary" + ], + "query": [ + { + "description": "The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN user can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format", + "key": "from-date", + "value": "from-date=2020-03-19T19:59:11Z" + } + ] + }, + "description": "This endpoint returns the number of pending, approved and rejected access requests approvals. See \"owner-id\" query parameter below for authorization info." + }, + "response": [ + { + "id": "61a9f1a9-9ae0-4486-8372-a008112cebf5", + "name": "Number of pending, approved, rejected access request approvals.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/approval-summary?owner-id=2c91808568c529c60168cca6f90c1313&from-date=from-date=2020-03-19T19:59:11Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "approval-summary" + ], + "query": [ + { + "description": "The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN user can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format", + "key": "from-date", + "value": "from-date=2020-03-19T19:59:11Z" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"pending\": 0,\n \"approved\": 0,\n \"rejected\": 0\n}" + }, + { + "id": "1adb1173-f503-423c-8f81-fa0e70d8a50c", + "name": "Client Error - Returned if the query parameter is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/approval-summary?owner-id=2c91808568c529c60168cca6f90c1313&from-date=from-date=2020-03-19T19:59:11Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "approval-summary" + ], + "query": [ + { + "description": "The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN user can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format", + "key": "from-date", + "value": "from-date=2020-03-19T19:59:11Z" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5b9092b9-2b29-4402-b493-195797db4beb", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/approval-summary?owner-id=2c91808568c529c60168cca6f90c1313&from-date=from-date=2020-03-19T19:59:11Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "approval-summary" + ], + "query": [ + { + "description": "The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN user can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format", + "key": "from-date", + "value": "from-date=2020-03-19T19:59:11Z" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "baf6b325-4ee7-4219-96ac-5cd5157bdabb", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/approval-summary?owner-id=2c91808568c529c60168cca6f90c1313&from-date=from-date=2020-03-19T19:59:11Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "approval-summary" + ], + "query": [ + { + "description": "The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN user can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format", + "key": "from-date", + "value": "from-date=2020-03-19T19:59:11Z" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "a150093b-cecb-4604-9da5-1ae0a3b731f4", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/approval-summary?owner-id=2c91808568c529c60168cca6f90c1313&from-date=from-date=2020-03-19T19:59:11Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "approval-summary" + ], + "query": [ + { + "description": "The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN user can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format", + "key": "from-date", + "value": "from-date=2020-03-19T19:59:11Z" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "22363432-df0e-4d83-8c08-f016fa3364ba", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-approvals/approval-summary?owner-id=2c91808568c529c60168cca6f90c1313&from-date=from-date=2020-03-19T19:59:11Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-approvals", + "approval-summary" + ], + "query": [ + { + "description": "The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.\n * ORG_ADMIN users can call this with any identity ID value.\n * ORG_ADMIN user can also fetch all the approvals in the org, when\nowner-id is not used.\n * Non ORG_ADMIN users can only specify *me* or pass their own\nidentity ID value.", + "key": "owner-id", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format", + "key": "from-date", + "value": "from-date=2020-03-19T19:59:11Z" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "bd2a2f99-93a3-40b3-aa19-0ec2d6416e88", + "description": "Use this API to implement and customize access request approval functionality. \nWith this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles. \nThis enables more qualified users to review access requests and the others to spend their time on other tasks. \n\nIn IdentityNow, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked. \nFor applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked. \nFor roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked. \nIf the administrator designates a governance group as the required approver, any governance group member can approve the requests.\n \nWhen a user submits an access request, IdentityNow sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration.\n\nIn Approvals in IdentityNow, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval. \nIf the required approver approves the request and is the only reviewer required, IdentityNow grants or revokes access, based on the request. \nIf multiple reviewers are required, IdentityNow sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration. \nThe required approver can then view any completed access requests under the Reviewed tab. \n\nRefer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals.\n" + }, + { + "name": "Access Requests", + "item": [ + { + "name": "Submit an Access Request", + "id": "04352167-8297-4433-b1fd-4fba39dc2067", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"requestedFor\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210584\"\n ],\n \"requestedItems\": [\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n }\n ],\n \"requestType\": \"GRANT_ACCESS\",\n \"clientMetadata\": {\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\",\n \"requestedAppName\": \"test-app\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests" + ] + }, + "description": "This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes.\n\nAccess requests are processed asynchronously by IdentityNow. A success response from this endpoint means the request\nhas been submitted to IDN and is queued for processing. Because this endpoint is asynchronous, it will not return an error\nif you submit duplicate access requests in quick succession, or you submit an access request for access that is already in progress, approved, or rejected.\nIt is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can\nbe accomplished by using the [access request status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [pending access request approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) endpoints. You can also\nuse the [search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items that an identity has before submitting\nan access request to ensure you are not requesting access that is already granted.\n\nThere are two types of access request:\n\n__GRANT_ACCESS__\n* Can be requested for multiple identities in a single request.\n* Supports self request and request on behalf of other users, see '/beta/access-request-config' endpoint for request configuration options. \n* Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.\n* Roles, Access Profiles and Entitlements can be requested.\n* While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request.\n \n__REVOKE_ACCESS__\n* Can only be requested for a single identity at a time.\n* Does not support self request. Only manager can request to revoke access for their directly managed employees.\n* If removeDate is specified, then the access will be removed on that date and time only for Roles and Access Profiles. Entitlements are currently unsupported for removeDate.\n* Roles, Access Profiles, and Entitlements can be requested for revocation.\n* Revoke requests for entitlements are limited to 1 entitlement per access request currently.\n* [Roles, Access Profiles] RemoveData can be specified only if access don't have a sunset date.\n* Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone.\n\nNOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API.\n\nA token with API authority cannot be used to call this endpoint. \n" + }, + "response": [ + { + "id": "bc41f66b-ed6c-4ab8-921e-3f489ad3d947", + "name": "Accepted - Returned if the request was successfully accepted into the system.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"requestedFor\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210584\"\n ],\n \"requestedItems\": [\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n }\n ],\n \"requestType\": \"GRANT_ACCESS\",\n \"clientMetadata\": {\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\",\n \"requestedAppName\": \"test-app\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests" + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{}" + }, + { + "id": "b49bfd8b-3a68-41d4-8697-624a9f1b41a7", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"requestedFor\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210584\"\n ],\n \"requestedItems\": [\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n }\n ],\n \"requestType\": \"GRANT_ACCESS\",\n \"clientMetadata\": {\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\",\n \"requestedAppName\": \"test-app\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "25c624ba-9f2d-4e9f-a7cb-d99b13eb75ac", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"requestedFor\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210584\"\n ],\n \"requestedItems\": [\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n }\n ],\n \"requestType\": \"GRANT_ACCESS\",\n \"clientMetadata\": {\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\",\n \"requestedAppName\": \"test-app\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "5086b6bb-d313-4b5f-84e7-0ff042b14f1b", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"requestedFor\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210584\"\n ],\n \"requestedItems\": [\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n }\n ],\n \"requestType\": \"GRANT_ACCESS\",\n \"clientMetadata\": {\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\",\n \"requestedAppName\": \"test-app\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "814a1d84-e4d1-4fe4-826a-9dbfa8cf59b2", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"requestedFor\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210584\"\n ],\n \"requestedItems\": [\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n }\n ],\n \"requestType\": \"GRANT_ACCESS\",\n \"clientMetadata\": {\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\",\n \"requestedAppName\": \"test-app\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "99d08dc6-a1c3-4f50-b41a-bf757af5677a", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"requestedFor\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210584\"\n ],\n \"requestedItems\": [\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"type\": \"ACCESS_PROFILE\",\n \"comment\": \"Requesting access profile for John Doe\",\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"removeDate\": \"2020-07-11T21:23:15.000Z\"\n }\n ],\n \"requestType\": \"GRANT_ACCESS\",\n \"clientMetadata\": {\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\",\n \"requestedAppName\": \"test-app\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Cancel Access Request", + "id": "de06f988-c477-43e3-9e3b-3938c30817f2", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountActivityId\": \"2c91808568c529c60168cca6f90c1313\",\n \"comment\": \"I requested this role by mistake.\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests/cancel", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests", + "cancel" + ] + }, + "description": "This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step.\nAny token with ORG_ADMIN authority or token of the user who originally requested the access request is required to cancel it." + }, + "response": [ + { + "id": "097131c9-d122-487a-a0e0-f4a91998647b", + "name": "Accepted - Returned if the request was successfully accepted into the system.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountActivityId\": \"2c91808568c529c60168cca6f90c1313\",\n \"comment\": \"I requested this role by mistake.\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests/cancel", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests", + "cancel" + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{}" + }, + { + "id": "95eeafa3-b24a-42b1-8740-6c18a687a61e", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountActivityId\": \"2c91808568c529c60168cca6f90c1313\",\n \"comment\": \"I requested this role by mistake.\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests/cancel", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests", + "cancel" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "6478a48c-5bde-4129-bfe8-cb1b1dacce92", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountActivityId\": \"2c91808568c529c60168cca6f90c1313\",\n \"comment\": \"I requested this role by mistake.\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests/cancel", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests", + "cancel" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0ce8c211-efce-4251-a032-c15bdfed80c1", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountActivityId\": \"2c91808568c529c60168cca6f90c1313\",\n \"comment\": \"I requested this role by mistake.\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests/cancel", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests", + "cancel" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "57160d88-271d-4f6e-a1f3-7f4edf3e3c94", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountActivityId\": \"2c91808568c529c60168cca6f90c1313\",\n \"comment\": \"I requested this role by mistake.\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests/cancel", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests", + "cancel" + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "13c74869-acb5-4d8b-afd7-ec356b6d1452", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountActivityId\": \"2c91808568c529c60168cca6f90c1313\",\n \"comment\": \"I requested this role by mistake.\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests/cancel", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests", + "cancel" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "d2cf6f14-e17a-47cb-91a7-1000d3d3e2ef", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountActivityId\": \"2c91808568c529c60168cca6f90c1313\",\n \"comment\": \"I requested this role by mistake.\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-requests/cancel", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-requests", + "cancel" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get Access Request Configuration", + "id": "8981c671-73b3-41e4-8f98-ca91ab22edfa", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + }, + "description": "This endpoint returns the current access-request configuration." + }, + "response": [ + { + "id": "c7860052-2f16-405f-8f55-8b0e66d202b4", + "name": "Access Request Configuration Details.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"approvalsMustBeExternal\": true,\n \"autoApprovalEnabled\": true,\n \"requestOnBehalfOfConfig\": {\n \"allowRequestOnBehalfOfAnyoneByAnyone\": true,\n \"allowRequestOnBehalfOfEmployeeByManager\": true\n },\n \"approvalReminderAndEscalationConfig\": {\n \"daysUntilEscalation\": 0,\n \"daysBetweenReminders\": 0,\n \"maxReminders\": 0,\n \"fallbackApproverRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n }\n },\n \"entitlementRequestConfig\": {\n \"allowEntitlementRequest\": true,\n \"requestCommentsRequired\": false,\n \"deniedCommentsRequired\": false,\n \"grantRequestApprovalSchemes\": \"entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584\"\n }\n}" + }, + { + "id": "26bb227c-6eed-49fa-8536-cd9ff7a4455f", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "62d8fac2-bf6d-4000-aeef-b270c456f717", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "b2f1c5ea-eb3c-4a59-bf47-821860b39853", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "7d1f42b7-b623-4742-91c1-988582da485b", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "9556a751-b79e-4313-8105-131768aa90ea", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update Access Request Configuration", + "id": "79fc02ea-3229-4266-8eb6-7a2a7e304ba1", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"approvalsMustBeExternal\": true,\n \"autoApprovalEnabled\": true,\n \"requestOnBehalfOfConfig\": {\n \"allowRequestOnBehalfOfAnyoneByAnyone\": true,\n \"allowRequestOnBehalfOfEmployeeByManager\": true\n },\n \"approvalReminderAndEscalationConfig\": {\n \"daysUntilEscalation\": 0,\n \"daysBetweenReminders\": 0,\n \"maxReminders\": 0,\n \"fallbackApproverRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n }\n },\n \"entitlementRequestConfig\": {\n \"allowEntitlementRequest\": true,\n \"requestCommentsRequired\": false,\n \"deniedCommentsRequired\": false,\n \"grantRequestApprovalSchemes\": \"entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + }, + "description": "This endpoint replaces the current access-request configuration.\nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "3b14963b-8526-4c72-ae5e-2ac8611c5749", + "name": "Access Request Configuration Details.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"approvalsMustBeExternal\": true,\n \"autoApprovalEnabled\": true,\n \"requestOnBehalfOfConfig\": {\n \"allowRequestOnBehalfOfAnyoneByAnyone\": true,\n \"allowRequestOnBehalfOfEmployeeByManager\": true\n },\n \"approvalReminderAndEscalationConfig\": {\n \"daysUntilEscalation\": 0,\n \"daysBetweenReminders\": 0,\n \"maxReminders\": 0,\n \"fallbackApproverRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n }\n },\n \"entitlementRequestConfig\": {\n \"allowEntitlementRequest\": true,\n \"requestCommentsRequired\": false,\n \"deniedCommentsRequired\": false,\n \"grantRequestApprovalSchemes\": \"entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"approvalsMustBeExternal\": true,\n \"autoApprovalEnabled\": true,\n \"requestOnBehalfOfConfig\": {\n \"allowRequestOnBehalfOfAnyoneByAnyone\": true,\n \"allowRequestOnBehalfOfEmployeeByManager\": true\n },\n \"approvalReminderAndEscalationConfig\": {\n \"daysUntilEscalation\": 0,\n \"daysBetweenReminders\": 0,\n \"maxReminders\": 0,\n \"fallbackApproverRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n }\n },\n \"entitlementRequestConfig\": {\n \"allowEntitlementRequest\": true,\n \"requestCommentsRequired\": false,\n \"deniedCommentsRequired\": false,\n \"grantRequestApprovalSchemes\": \"entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584\"\n }\n}" + }, + { + "id": "9dba1570-b8ce-48c6-b653-9600f0c80e34", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"approvalsMustBeExternal\": true,\n \"autoApprovalEnabled\": true,\n \"requestOnBehalfOfConfig\": {\n \"allowRequestOnBehalfOfAnyoneByAnyone\": true,\n \"allowRequestOnBehalfOfEmployeeByManager\": true\n },\n \"approvalReminderAndEscalationConfig\": {\n \"daysUntilEscalation\": 0,\n \"daysBetweenReminders\": 0,\n \"maxReminders\": 0,\n \"fallbackApproverRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n }\n },\n \"entitlementRequestConfig\": {\n \"allowEntitlementRequest\": true,\n \"requestCommentsRequired\": false,\n \"deniedCommentsRequired\": false,\n \"grantRequestApprovalSchemes\": \"entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "3ce83d79-adfe-439a-9797-ed075cbc3b1b", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"approvalsMustBeExternal\": true,\n \"autoApprovalEnabled\": true,\n \"requestOnBehalfOfConfig\": {\n \"allowRequestOnBehalfOfAnyoneByAnyone\": true,\n \"allowRequestOnBehalfOfEmployeeByManager\": true\n },\n \"approvalReminderAndEscalationConfig\": {\n \"daysUntilEscalation\": 0,\n \"daysBetweenReminders\": 0,\n \"maxReminders\": 0,\n \"fallbackApproverRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n }\n },\n \"entitlementRequestConfig\": {\n \"allowEntitlementRequest\": true,\n \"requestCommentsRequired\": false,\n \"deniedCommentsRequired\": false,\n \"grantRequestApprovalSchemes\": \"entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "ae88192c-1631-4dbc-98a8-f2827e216bc1", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"approvalsMustBeExternal\": true,\n \"autoApprovalEnabled\": true,\n \"requestOnBehalfOfConfig\": {\n \"allowRequestOnBehalfOfAnyoneByAnyone\": true,\n \"allowRequestOnBehalfOfEmployeeByManager\": true\n },\n \"approvalReminderAndEscalationConfig\": {\n \"daysUntilEscalation\": 0,\n \"daysBetweenReminders\": 0,\n \"maxReminders\": 0,\n \"fallbackApproverRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n }\n },\n \"entitlementRequestConfig\": {\n \"allowEntitlementRequest\": true,\n \"requestCommentsRequired\": false,\n \"deniedCommentsRequired\": false,\n \"grantRequestApprovalSchemes\": \"entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "72ac4fc8-7280-49c1-8b90-61b6e21749d5", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"approvalsMustBeExternal\": true,\n \"autoApprovalEnabled\": true,\n \"requestOnBehalfOfConfig\": {\n \"allowRequestOnBehalfOfAnyoneByAnyone\": true,\n \"allowRequestOnBehalfOfEmployeeByManager\": true\n },\n \"approvalReminderAndEscalationConfig\": {\n \"daysUntilEscalation\": 0,\n \"daysBetweenReminders\": 0,\n \"maxReminders\": 0,\n \"fallbackApproverRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n }\n },\n \"entitlementRequestConfig\": {\n \"allowEntitlementRequest\": true,\n \"requestCommentsRequired\": false,\n \"deniedCommentsRequired\": false,\n \"grantRequestApprovalSchemes\": \"entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "1f5fa2d7-3cc7-435b-8493-181952a84fe7", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"approvalsMustBeExternal\": true,\n \"autoApprovalEnabled\": true,\n \"requestOnBehalfOfConfig\": {\n \"allowRequestOnBehalfOfAnyoneByAnyone\": true,\n \"allowRequestOnBehalfOfEmployeeByManager\": true\n },\n \"approvalReminderAndEscalationConfig\": {\n \"daysUntilEscalation\": 0,\n \"daysBetweenReminders\": 0,\n \"maxReminders\": 0,\n \"fallbackApproverRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n }\n },\n \"entitlementRequestConfig\": {\n \"allowEntitlementRequest\": true,\n \"requestCommentsRequired\": false,\n \"deniedCommentsRequired\": false,\n \"grantRequestApprovalSchemes\": \"entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/access-request-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-config" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Access Request Status", + "id": "9081237d-c6ea-409f-91a1-092c575fb91b", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-status?requested-for=2c9180877b2b6ea4017b2c545f971429&requested-by=2c9180877b2b6ea4017b2c545f971429®arding-identity=2c9180877b2b6ea4017b2c545f971429&count=false&limit=100&offset=10&filters=accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-status" + ], + "query": [ + { + "description": "Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.", + "key": "count", + "value": "false" + }, + { + "description": "Max number of results to return.", + "key": "limit", + "value": "100" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.", + "key": "offset", + "value": "10" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**accountActivityItemId**: *eq, in*", + "key": "filters", + "value": "accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified, accountActivityItemId**", + "key": "sorters", + "value": "created" + } + ] + }, + "description": "The Access Request Status API returns a list of access request statuses based on the specified query parameters.\nAny token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users." + }, + "response": [ + { + "id": "21bdcab7-dec7-4ce5-a85d-f074179b129b", + "name": "List of requested item status.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-status?requested-for=2c9180877b2b6ea4017b2c545f971429&requested-by=2c9180877b2b6ea4017b2c545f971429®arding-identity=2c9180877b2b6ea4017b2c545f971429&count=false&limit=100&offset=10&filters=accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-status" + ], + "query": [ + { + "description": "Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.", + "key": "count", + "value": "false" + }, + { + "description": "Max number of results to return.", + "key": "limit", + "value": "100" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.", + "key": "offset", + "value": "10" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**accountActivityItemId**: *eq, in*", + "key": "filters", + "value": "accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified, accountActivityItemId**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"name\": \"AccessProfile1\",\n \"type\": \"ACCESS_PROFILE\",\n \"cancelledRequestDetails\": {\n \"comment\": \"Nisl quis ipsum quam quisque condimentum nunc ut dolor nunc.\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"modified\": \"2019-12-20T09:17:12.192Z\"\n },\n \"errorMessages\": [\n [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n ],\n \"state\": \"EXECUTING\",\n \"approvalDetails\": [\n {\n \"forwarded\": false,\n \"originalOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"currentOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"reviewedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"status\": \"PENDING\",\n \"scheme\": \"MANAGER\",\n \"errorMessages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"comment\": \"I approve this request\",\n \"removeDate\": \"2020-07-11T00:00:00Z\"\n },\n {\n \"forwarded\": false,\n \"originalOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"currentOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"reviewedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"status\": \"PENDING\",\n \"scheme\": \"MANAGER\",\n \"errorMessages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"comment\": \"I approve this request\",\n \"removeDate\": \"2020-07-11T00:00:00Z\"\n }\n ],\n \"manualWorkItemDetails\": [\n {\n \"forwarded\": true,\n \"originalOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"currentOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"status\": \"PENDING\",\n \"forwardHistory\": [\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n },\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n }\n ]\n },\n {\n \"forwarded\": true,\n \"originalOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"currentOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"status\": \"PENDING\",\n \"forwardHistory\": [\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n },\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n }\n ]\n }\n ],\n \"accountActivityItemId\": \"2c9180926cbfbddd016cbfc7c3b10010\",\n \"requestType\": \"GRANT_ACCESS\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requestedFor\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requesterComment\": {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n \"sodViolationContext\": {\n \"state\": \"SUCCESS\",\n \"uuid\": \"f73d16e9-a038-46c5-b217-1246e15fdbdd\",\n \"violationCheckResult\": {\n \"message\": {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"violationContexts\": [\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n },\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n }\n ],\n \"violatedPolicies\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n }\n ]\n }\n },\n \"provisioningDetails\": {\n \"orderedSubPhaseReferences\": \"manualWorkItemDetails\"\n },\n \"preApprovalTriggerDetails\": {\n \"comment\": \"Access is Approved\",\n \"reviewer\": \"John Doe\",\n \"decision\": \"APPROVED\"\n },\n \"accessRequestPhases\": [\n {\n \"started\": \"2020-07-11T00:00:00Z\",\n \"finished\": \"2020-07-12T00:00:00Z\",\n \"name\": \"APPROVAL_PHASE\",\n \"state\": \"COMPLETED\",\n \"result\": \"SUCCESSFUL\",\n \"phaseReference\": \"approvalDetails\"\n },\n {\n \"started\": \"2020-07-11T00:00:00Z\",\n \"finished\": \"2020-07-12T00:00:00Z\",\n \"name\": \"APPROVAL_PHASE\",\n \"state\": \"COMPLETED\",\n \"result\": \"SUCCESSFUL\",\n \"phaseReference\": \"approvalDetails\"\n }\n ],\n \"description\": \"This is the Engineering role that engineers are granted.\",\n \"removeDate\": \"2019-10-23T00:00:00.000Z\",\n \"cancelable\": true,\n \"accessRequestId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"clientMetadata\": {\n \"key1\": \"value1\",\n \"key2\": \"value2\"\n }\n },\n {\n \"name\": \"AccessProfile1\",\n \"type\": \"ACCESS_PROFILE\",\n \"cancelledRequestDetails\": {\n \"comment\": \"Nisl quis ipsum quam quisque condimentum nunc ut dolor nunc.\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"modified\": \"2019-12-20T09:17:12.192Z\"\n },\n \"errorMessages\": [\n [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n ],\n \"state\": \"EXECUTING\",\n \"approvalDetails\": [\n {\n \"forwarded\": false,\n \"originalOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"currentOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"reviewedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"status\": \"PENDING\",\n \"scheme\": \"MANAGER\",\n \"errorMessages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"comment\": \"I approve this request\",\n \"removeDate\": \"2020-07-11T00:00:00Z\"\n },\n {\n \"forwarded\": false,\n \"originalOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"currentOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"reviewedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"status\": \"PENDING\",\n \"scheme\": \"MANAGER\",\n \"errorMessages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"comment\": \"I approve this request\",\n \"removeDate\": \"2020-07-11T00:00:00Z\"\n }\n ],\n \"manualWorkItemDetails\": [\n {\n \"forwarded\": true,\n \"originalOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"currentOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"status\": \"PENDING\",\n \"forwardHistory\": [\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n },\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n }\n ]\n },\n {\n \"forwarded\": true,\n \"originalOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"currentOwner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"status\": \"PENDING\",\n \"forwardHistory\": [\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n },\n {\n \"oldApproverName\": \"Frank Mir\",\n \"newApproverName\": \"Al Volta\",\n \"comment\": \"Forwarding from Frank to Al\",\n \"modified\": \"2019-08-23T18:52:57.398Z\",\n \"forwarderName\": \"William Wilson\",\n \"reassignmentType\": \"AUTOMATIC_REASSIGNMENT\"\n }\n ]\n }\n ],\n \"accountActivityItemId\": \"2c9180926cbfbddd016cbfc7c3b10010\",\n \"requestType\": \"GRANT_ACCESS\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requestedFor\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"requesterComment\": {\n \"comment\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat\",\n \"author\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Adam Kennedy\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n },\n \"sodViolationContext\": {\n \"state\": \"SUCCESS\",\n \"uuid\": \"f73d16e9-a038-46c5-b217-1246e15fdbdd\",\n \"violationCheckResult\": {\n \"message\": {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n \"clientMetadata\": {\n \"requestedAppName\": \"test-app\",\n \"requestedAppId\": \"2c91808f7892918f0178b78da4a305a1\"\n },\n \"violationContexts\": [\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n },\n {\n \"policy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"conflictingAccessCriteria\": {\n \"leftCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n },\n \"rightCriteria\": {\n \"criteriaList\": [\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n },\n {\n \"existing\": true,\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c918085771e9d3301773b3cb66f6398\",\n \"name\": \"My HR Entitlement\"\n }\n ]\n }\n }\n }\n ],\n \"violatedPolicies\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n }\n ]\n }\n },\n \"provisioningDetails\": {\n \"orderedSubPhaseReferences\": \"manualWorkItemDetails\"\n },\n \"preApprovalTriggerDetails\": {\n \"comment\": \"Access is Approved\",\n \"reviewer\": \"John Doe\",\n \"decision\": \"APPROVED\"\n },\n \"accessRequestPhases\": [\n {\n \"started\": \"2020-07-11T00:00:00Z\",\n \"finished\": \"2020-07-12T00:00:00Z\",\n \"name\": \"APPROVAL_PHASE\",\n \"state\": \"COMPLETED\",\n \"result\": \"SUCCESSFUL\",\n \"phaseReference\": \"approvalDetails\"\n },\n {\n \"started\": \"2020-07-11T00:00:00Z\",\n \"finished\": \"2020-07-12T00:00:00Z\",\n \"name\": \"APPROVAL_PHASE\",\n \"state\": \"COMPLETED\",\n \"result\": \"SUCCESSFUL\",\n \"phaseReference\": \"approvalDetails\"\n }\n ],\n \"description\": \"This is the Engineering role that engineers are granted.\",\n \"removeDate\": \"2019-10-23T00:00:00.000Z\",\n \"cancelable\": true,\n \"accessRequestId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"clientMetadata\": {\n \"key1\": \"value1\",\n \"key2\": \"value2\"\n }\n }\n]" + }, + { + "id": "8f753924-71f3-462e-9218-cd88c7d7ad36", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-status?requested-for=2c9180877b2b6ea4017b2c545f971429&requested-by=2c9180877b2b6ea4017b2c545f971429®arding-identity=2c9180877b2b6ea4017b2c545f971429&count=false&limit=100&offset=10&filters=accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-status" + ], + "query": [ + { + "description": "Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.", + "key": "count", + "value": "false" + }, + { + "description": "Max number of results to return.", + "key": "limit", + "value": "100" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.", + "key": "offset", + "value": "10" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**accountActivityItemId**: *eq, in*", + "key": "filters", + "value": "accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified, accountActivityItemId**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "2958179b-e47d-4738-afdf-9e3ed346530b", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-status?requested-for=2c9180877b2b6ea4017b2c545f971429&requested-by=2c9180877b2b6ea4017b2c545f971429®arding-identity=2c9180877b2b6ea4017b2c545f971429&count=false&limit=100&offset=10&filters=accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-status" + ], + "query": [ + { + "description": "Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.", + "key": "count", + "value": "false" + }, + { + "description": "Max number of results to return.", + "key": "limit", + "value": "100" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.", + "key": "offset", + "value": "10" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**accountActivityItemId**: *eq, in*", + "key": "filters", + "value": "accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified, accountActivityItemId**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "240588d8-6eb6-404b-89f2-3f414221b713", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-status?requested-for=2c9180877b2b6ea4017b2c545f971429&requested-by=2c9180877b2b6ea4017b2c545f971429®arding-identity=2c9180877b2b6ea4017b2c545f971429&count=false&limit=100&offset=10&filters=accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-status" + ], + "query": [ + { + "description": "Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.", + "key": "count", + "value": "false" + }, + { + "description": "Max number of results to return.", + "key": "limit", + "value": "100" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.", + "key": "offset", + "value": "10" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**accountActivityItemId**: *eq, in*", + "key": "filters", + "value": "accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified, accountActivityItemId**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "143c93c0-d130-4675-9a97-89bca23a444f", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-status?requested-for=2c9180877b2b6ea4017b2c545f971429&requested-by=2c9180877b2b6ea4017b2c545f971429®arding-identity=2c9180877b2b6ea4017b2c545f971429&count=false&limit=100&offset=10&filters=accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-status" + ], + "query": [ + { + "description": "Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.", + "key": "count", + "value": "false" + }, + { + "description": "Max number of results to return.", + "key": "limit", + "value": "100" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.", + "key": "offset", + "value": "10" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**accountActivityItemId**: *eq, in*", + "key": "filters", + "value": "accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified, accountActivityItemId**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "24a7920e-cfdf-45a8-b200-e3577f60fb64", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/access-request-status?requested-for=2c9180877b2b6ea4017b2c545f971429&requested-by=2c9180877b2b6ea4017b2c545f971429®arding-identity=2c9180877b2b6ea4017b2c545f971429&count=false&limit=100&offset=10&filters=accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "access-request-status" + ], + "query": [ + { + "description": "Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c9180877b2b6ea4017b2c545f971429" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.", + "key": "count", + "value": "false" + }, + { + "description": "Max number of results to return.", + "key": "limit", + "value": "100" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified.", + "key": "offset", + "value": "10" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**accountActivityItemId**: *eq, in*", + "key": "filters", + "value": "accountActivityItemId eq \"2c918086771c86df0177401efcdf54c0\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified, accountActivityItemId**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "34a298e4-f338-49ab-b0c1-026b79d5e49d", + "description": "Use this API to implement and customize access request functionality. \nWith this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked.\nThis allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools. \n\nIdentityNow's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them.\n\nIn the Request Center in IdentityNow, users can view available applications, roles, and entitlements and request access to them. \nIf the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them. \n\nUsers can use My Requests to track and/or cancel the requests.\n\nIn My Team on the IdentityNow Home, managers can submit requests to revoke their team members' access. \nThey can use the My Requests tab under Request Center to track and/or cancel the requests.\n\nRefer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html) for more information about access requests.\n" + }, + { + "name": "Accounts", + "item": [ + { + "name": "Accounts List", + "id": "8eefc9da-0640-4fb9-ba9b-35bb8574cb3d", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts?limit=250&offset=0&count=true&filters=identityId eq \"2c9180858082150f0180893dbaf44201\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**identityId**: *eq*\n\n**name**: *eq, in*\n\n**nativeIdentity**: *eq, in*\n\n**sourceId**: *eq, in*\n\n**uncorrelated**: *eq*", + "key": "filters", + "value": "identityId eq \"2c9180858082150f0180893dbaf44201\"" + } + ] + }, + "description": "This returns a list of accounts. \nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "74cc9728-0380-401e-86ca-92be3db78b7c", + "name": "List of account objects", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts?limit=250&offset=0&count=true&filters=identityId eq \"2c9180858082150f0180893dbaf44201\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**identityId**: *eq*\n\n**name**: *eq, in*\n\n**nativeIdentity**: *eq, in*\n\n**sourceId**: *eq, in*\n\n**uncorrelated**: *eq*", + "key": "filters", + "value": "identityId eq \"2c9180858082150f0180893dbaf44201\"" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"sourceId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"identityId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"attributes\": {\n \"firstName\": \"SailPoint\",\n \"lastName\": \"Support\",\n \"displayName\": \"SailPoint Support\"\n },\n \"authoritative\": false,\n \"description\": null,\n \"disabled\": false,\n \"locked\": false,\n \"nativeIdentity\": \"552775\",\n \"systemAccount\": false,\n \"uncorrelated\": false,\n \"uuid\": \"slpt.support\",\n \"manuallyCorrelated\": false,\n \"hasEntitlements\": true\n },\n {\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"sourceId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"identityId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"attributes\": {\n \"firstName\": \"SailPoint\",\n \"lastName\": \"Support\",\n \"displayName\": \"SailPoint Support\"\n },\n \"authoritative\": false,\n \"description\": null,\n \"disabled\": false,\n \"locked\": false,\n \"nativeIdentity\": \"552775\",\n \"systemAccount\": false,\n \"uncorrelated\": false,\n \"uuid\": \"slpt.support\",\n \"manuallyCorrelated\": false,\n \"hasEntitlements\": true\n }\n]" + }, + { + "id": "552006f0-6f0b-4407-b399-73ab7f566216", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts?limit=250&offset=0&count=true&filters=identityId eq \"2c9180858082150f0180893dbaf44201\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**identityId**: *eq*\n\n**name**: *eq, in*\n\n**nativeIdentity**: *eq, in*\n\n**sourceId**: *eq, in*\n\n**uncorrelated**: *eq*", + "key": "filters", + "value": "identityId eq \"2c9180858082150f0180893dbaf44201\"" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "c2cf1260-56dd-4f73-8e0a-1a67a3d83b62", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts?limit=250&offset=0&count=true&filters=identityId eq \"2c9180858082150f0180893dbaf44201\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**identityId**: *eq*\n\n**name**: *eq, in*\n\n**nativeIdentity**: *eq, in*\n\n**sourceId**: *eq, in*\n\n**uncorrelated**: *eq*", + "key": "filters", + "value": "identityId eq \"2c9180858082150f0180893dbaf44201\"" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "5af7a98b-2adc-4b56-9dac-0708c4d72e0f", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts?limit=250&offset=0&count=true&filters=identityId eq \"2c9180858082150f0180893dbaf44201\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**identityId**: *eq*\n\n**name**: *eq, in*\n\n**nativeIdentity**: *eq, in*\n\n**sourceId**: *eq, in*\n\n**uncorrelated**: *eq*", + "key": "filters", + "value": "identityId eq \"2c9180858082150f0180893dbaf44201\"" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "c71261c5-2c47-41cf-9d02-f182ec0ba803", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts?limit=250&offset=0&count=true&filters=identityId eq \"2c9180858082150f0180893dbaf44201\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**identityId**: *eq*\n\n**name**: *eq, in*\n\n**nativeIdentity**: *eq, in*\n\n**sourceId**: *eq, in*\n\n**uncorrelated**: *eq*", + "key": "filters", + "value": "identityId eq \"2c9180858082150f0180893dbaf44201\"" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "93ce162d-76e4-4d81-a57b-c5539d754763", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts?limit=250&offset=0&count=true&filters=identityId eq \"2c9180858082150f0180893dbaf44201\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**identityId**: *eq*\n\n**name**: *eq, in*\n\n**nativeIdentity**: *eq, in*\n\n**sourceId**: *eq, in*\n\n**uncorrelated**: *eq*", + "key": "filters", + "value": "identityId eq \"2c9180858082150f0180893dbaf44201\"" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create Account", + "id": "547c00df-bfec-42eb-971a-f3ad8958535b", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"sourceId\": \"34bfcbe116c9407464af37acbaf7a4dc\",\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ] + }, + "description": "This API submits an account creation task and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "657f05ce-2003-440a-9c7b-6d0953577484", + "name": "Async task details", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"sourceId\": \"34bfcbe116c9407464af37acbaf7a4dc\",\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c91808474683da6017468693c260195\"\n}" + }, + { + "id": "f7fc1b2f-9fc2-43d3-96e3-c56eb3ddd3ff", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"sourceId\": \"34bfcbe116c9407464af37acbaf7a4dc\",\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "d16212bb-df5f-42f4-b0c2-0d858790907c", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"sourceId\": \"34bfcbe116c9407464af37acbaf7a4dc\",\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "6bceb2fd-ba55-4a38-8ac4-39f67f66efd7", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"sourceId\": \"34bfcbe116c9407464af37acbaf7a4dc\",\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "08eeee1e-a967-4f0e-91bd-aff7ba9fdc4c", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"sourceId\": \"34bfcbe116c9407464af37acbaf7a4dc\",\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "89f9d7f8-523f-4555-86fb-5f235990c1dd", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"sourceId\": \"34bfcbe116c9407464af37acbaf7a4dc\",\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Account Details", + "id": "5e47aab4-1c7d-4daf-9f34-2b667eb3101f", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API returns the details for a single account based on the ID. \nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "61ef2b9b-bb02-418c-8bc8-1d16198b3cbe", + "name": "An account object", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"sourceId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"identityId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"attributes\": {\n \"firstName\": \"SailPoint\",\n \"lastName\": \"Support\",\n \"displayName\": \"SailPoint Support\"\n },\n \"authoritative\": false,\n \"description\": null,\n \"disabled\": false,\n \"locked\": false,\n \"nativeIdentity\": \"552775\",\n \"systemAccount\": false,\n \"uncorrelated\": false,\n \"uuid\": \"slpt.support\",\n \"manuallyCorrelated\": false,\n \"hasEntitlements\": true\n}" + }, + { + "id": "c53149d4-cefa-4eb1-8bdd-d71b71343d27", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "f4b5f5c0-00ad-497d-bf63-1faf61a959ad", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0d2f3d80-fd96-4d03-8343-92d4a01c6f54", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "1d62a267-fc8a-48fe-88ff-9ee3894625d3", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "7c91e2e8-80de-4463-b237-7312868f8130", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "b7c22c68-85d0-4352-9c84-1350009b55b7", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update Account", + "id": "3cdf7f3b-fb1b-47a3-adef-61e23b2573a1", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/identityId\",\n \"value\": \"2c9180845d1edece015d27a975983e21\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "Use this API to modify the following fields:\n* `identityId`\n\n* `manuallyCorrelated`\n\n>**NOTE: All other fields can not be modified.**\n\nThe request must provide a JSONPatch payload.\n\nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "bfbcbddb-4930-40ff-a64b-3a8843cd8cec", + "name": "Accepted. Update request accepted and is in progress.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/identityId\",\n \"value\": \"2c9180845d1edece015d27a975983e21\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{}" + }, + { + "id": "05b3e589-e590-45af-b201-c16130379453", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/identityId\",\n \"value\": \"2c9180845d1edece015d27a975983e21\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "39a7bd8c-59a3-46a5-ae16-bba0ab8cafef", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/identityId\",\n \"value\": \"2c9180845d1edece015d27a975983e21\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "68168ee3-1edc-471b-8fd7-c7ee56c47435", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/identityId\",\n \"value\": \"2c9180845d1edece015d27a975983e21\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "32f12e31-0e4a-416d-a64b-3a0f6ac77597", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/identityId\",\n \"value\": \"2c9180845d1edece015d27a975983e21\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "6675887d-c2aa-4cae-8358-b0333281d136", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/identityId\",\n \"value\": \"2c9180845d1edece015d27a975983e21\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "ae0fba41-2e0e-4e1a-bd5e-e9d168b3010f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/identityId\",\n \"value\": \"2c9180845d1edece015d27a975983e21\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update Account", + "id": "5c28f9ef-5070-486d-996d-0ec5be8338a4", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API submits an account update task and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API.\n>**NOTE: The PUT Account API is designated only for Delimited File sources.**" + }, + "response": [ + { + "id": "97950be3-bbe9-4d3b-acd6-6fc78b377817", + "name": "Async task details", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c91808474683da6017468693c260195\"\n}" + }, + { + "id": "b3587332-3cc2-4fab-8b5e-f7151436f95d", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "c8794f2f-a281-4ff6-baf2-79a158e83c1d", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "2e00ecfd-2b1f-4613-8e00-5c021a350bce", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "97a880f0-d3cf-4169-857f-dc4373e53932", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "177b5f70-04df-4984-87b7-95f29348ef8a", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "fbe77a2f-cd8f-4dca-8fbd-dfa1154e8f24", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"city\": \"Austin\",\n \"displayName\": \"John Doe\",\n \"userName\": \"jdoe\",\n \"sAMAccountName\": \"jDoe\",\n \"mail\": \"john.doe@sailpoint.com\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Account", + "id": "8f47eb8c-9ebc-4d3e-b190-6491fb15f801", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API submits an account delete task and returns the task ID. This operation can only be used on Flat File Sources. Any attempt to execute this request on the source of other type will result in an error response with a status code of 400.\nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "df89f217-0fa5-497c-9053-1ae76ffbc332", + "name": "Async task details", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c91808474683da6017468693c260195\"\n}" + }, + { + "id": "41cde5b7-f68f-46d3-aa59-f97e4a546a88", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "1cd52f88-5b06-428b-80c0-1b176d136024", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "a038660f-f3bb-41dc-9a85-62364d506aa7", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "c780cce2-ed7c-40d5-ac26-fa78299689d7", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "79905d09-c769-48d3-83ab-0269d16e26df", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "dbea9cd1-b5d8-4186-9101-7f3c241e4a54", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Account Entitlements", + "id": "c4f7061e-1776-4304-9af7-d8d69d5fbe74", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/entitlements?limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API returns entitlements of the account. \nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "e8e5fef4-2289-418a-8db9-3f1c3cd50e4a", + "name": "An array of account entitlements", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/entitlements?limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"attribute\": \"authorizationType\",\n \"value\": \"CN=Users,dc=sailpoint,dc=com\",\n \"description\": \"Active Directory DC\",\n \"attributes\": {\n \"GroupType\": \"Security\",\n \"sAMAccountName\": \"Buyer\"\n },\n \"sourceSchemaObjectType\": \"group\",\n \"privileged\": false,\n \"cloudGoverned\": false,\n \"source\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n }\n },\n {\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"attribute\": \"authorizationType\",\n \"value\": \"CN=Users,dc=sailpoint,dc=com\",\n \"description\": \"Active Directory DC\",\n \"attributes\": {\n \"GroupType\": \"Security\",\n \"sAMAccountName\": \"Buyer\"\n },\n \"sourceSchemaObjectType\": \"group\",\n \"privileged\": false,\n \"cloudGoverned\": false,\n \"source\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n }\n }\n]" + }, + { + "id": "9d36101f-578f-4fe0-8af0-5f593ec987a4", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/entitlements?limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "f6dd2e31-d92f-4e14-851d-5c9319f29fae", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/entitlements?limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "43578c65-1e75-4eae-ad0b-510c14ef38bf", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/entitlements?limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "4b554240-76f9-419a-85a1-e0c422f22f3e", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/entitlements?limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "e066ab76-9138-4997-a0bf-a1d3062d916f", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/entitlements?limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "ec697949-582f-4f13-b7be-234676454a7e", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/entitlements?limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "entitlements" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Reload Account", + "id": "70e20a38-0dac-4a85-b0b2-094c81d92602", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/reload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "reload" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. \nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "9d6c5a82-b22f-4e39-8345-ba83662c1019", + "name": "Async task details", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/reload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "reload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c91808474683da6017468693c260195\"\n}" + }, + { + "id": "3e5efe6d-03b2-4846-959e-24b0f532a88a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/reload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "reload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "cdb5ad56-bfeb-41c1-b4e1-65ddeaf35b09", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/reload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "reload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "245ca1c7-8d98-427c-b7b6-19d9a9b8106b", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/reload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "reload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "1fdf73f9-87ae-44a4-8839-c435d95b9bc6", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/reload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "reload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "4288d7c1-22aa-4dc9-998a-711c51db1818", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/reload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "reload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "062969ec-7d99-44ea-8f9b-e95d39c03c58", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/accounts/:id/reload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "reload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Enable Account", + "id": "1d130c7c-03f3-438c-a15a-0ffb8aaf38d8", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/enable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "enable" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API submits a task to enable account and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "7a862333-11a1-4205-894f-c62aa87a95b0", + "name": "Async task details", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/enable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "enable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c91808474683da6017468693c260195\"\n}" + }, + { + "id": "ca9ba7af-5343-42a1-8673-fd9db23307e1", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/enable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "enable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "754022ac-6ba6-43e0-8e49-36bd5342d264", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/enable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "enable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "7a18ee36-a6ad-49c4-8594-d51415ba31cb", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/enable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "enable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "38f64008-ab84-4b2a-b3f0-0945d46daf82", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/enable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "enable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "912762ef-6032-46a3-a979-15180edcb6fc", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/enable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "enable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "07179e36-1559-4bff-a039-ebe96c0f854d", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/enable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "enable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Disable Account", + "id": "cab7eaee-f96a-4134-ae1d-3aef591cb02c", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/disable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "disable" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API submits a task to disable the account and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "8999db5f-3ea9-40e9-bcb4-d0c23a508cd0", + "name": "Async task details", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/disable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "disable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c91808474683da6017468693c260195\"\n}" + }, + { + "id": "59e485ba-daca-4d97-98f5-5a63d738db9d", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/disable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "disable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "f639dce3-d206-460a-ab34-2cec7455aad8", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/disable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "disable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "872729e7-f2c1-4f7e-bbcc-5899e5b668d7", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/disable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "disable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "484fc639-1ca1-4887-9100-74c5e13b79a0", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/disable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "disable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "8fe31c6f-c92b-4ac8-8c0d-878cf4d6bd14", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/disable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "disable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "6af0291c-81c2-4687-99a3-f2d9a6b51f60", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/disable", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "disable" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Unlock Account", + "id": "b6194099-c6d8-4d97-9e61-b056465e6785", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"unlockIDNAccount\": false,\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/unlock", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "unlock" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API submits a task to unlock an account and returns the task ID. \nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "ddae088d-105b-40be-ab6b-9675072c1f9b", + "name": "Async task details", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"unlockIDNAccount\": false,\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/unlock", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "unlock" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c91808474683da6017468693c260195\"\n}" + }, + { + "id": "96f588d1-c193-477b-bf27-d0689f27f5b1", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"unlockIDNAccount\": false,\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/unlock", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "unlock" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "af23ee89-ba8c-4987-af18-c3ec1f251640", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"unlockIDNAccount\": false,\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/unlock", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "unlock" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "20b6ff16-f828-441b-9788-e83885aed684", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"unlockIDNAccount\": false,\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/unlock", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "unlock" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "827559a7-8247-428f-b0a6-a0d3d624a47a", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"unlockIDNAccount\": false,\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/unlock", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "unlock" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "01f7a318-e69f-4233-a69b-c707a39d4a3f", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"unlockIDNAccount\": false,\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/unlock", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "unlock" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "a5ffd7a9-91f5-4bfc-b9a7-6e1de930cffa", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"externalVerificationId\": \"3f9180835d2e5168015d32f890ca1581\",\n \"unlockIDNAccount\": false,\n \"forceProvisioning\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/accounts/:id/unlock", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "accounts", + ":id", + "unlock" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "989f43c8-5a1f-4728-b19b-a1656e9aac4a", + "description": "Use this API to implement and customize account functionality.\nWith this functionality in place, administrators can manage users' access across sources in IdentityNow. \n\nIn IdentityNow, an account refers to a user's account on a supported source.\nThis typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. IdentityNow loads accounts through the creation of sources in IdentityNow.\n\nAdministrators can correlate users' identities with the users' accounts on the different sources they use. \nThis allows IdentityNow to govern the access of identities and all their correlated accounts securely and cohesively. \n\nTo view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab. \n\nTo view and edit source account statuses for an identity in IdentityNow, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab. \nAdministrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity. \n\nAccounts can have the following statuses: \n\n- Enabled: The account is enabled. The user can access it.\n\n- Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in IdentityNow. This can occur when an administrator disables the account or when the user's lifecycle state changes. \n\n- Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times.\n\n- Pending: The account is currently updating. This status typically lasts seconds. \n\nAdministrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed.\n\nRefer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/common/users/user_access.html#managing-user-accounts) for more information about accounts.\n" + }, + { + "name": "Account Activities", + "item": [ + { + "name": "List Account Activities", + "id": "d2d7b5bd-f6ed-436c-adfa-4c604fe77d7f", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities?requested-for=2c91808568c529c60168cca6f90c1313&requested-by=2c91808568c529c60168cca6f90c1313®arding-identity=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=type eq \"Identity Refresh\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities" + ], + "query": [ + { + "description": "The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nFiltering is supported for the following fields and operators:\n\n**type**: *eq, in* (See the `type` property in the response schema for possible values)\n\n**created**: *gt, lt, ge, le*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "type eq \"Identity Refresh\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **type, created, modified**", + "key": "sorters", + "value": "created" + } + ] + }, + "description": "This gets a collection of account activities that satisfy the given query parameters." + }, + "response": [ + { + "id": "a66972c2-7886-42e0-aeb5-51d75d3cb1ae", + "name": "List of account activities", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities?requested-for=2c91808568c529c60168cca6f90c1313&requested-by=2c91808568c529c60168cca6f90c1313®arding-identity=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=type eq \"Identity Refresh\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities" + ], + "query": [ + { + "description": "The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nFiltering is supported for the following fields and operators:\n\n**type**: *eq, in* (See the `type` property in the response schema for possible values)\n\n**created**: *gt, lt, ge, le*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "type eq \"Identity Refresh\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **type, created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"2c9180835d2e5168015d32f890ca1581\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"completionStatus\": \"SUCCESS\",\n \"type\": \"appRequest\",\n \"requesterIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"targetIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"errors\": [\n \"sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.\"\n ],\n \"warnings\": [\n \"Some warning, another warning\"\n ],\n \"items\": [\n {\n \"id\": \"48c545831b264409a81befcabb0e3c5a\",\n \"name\": \"48c545831b264409a81befcabb0e3c5a\",\n \"requested\": \"2017-07-11T18:45:37.098Z\",\n \"approvalStatus\": \"FINISHED\",\n \"provisioningStatus\": \"PENDING\",\n \"requesterComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"reviewerIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"reviewerComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"operation\": \"ADD\",\n \"attribute\": \"detectedRoles\",\n \"value\": \"Treasury Analyst [AccessProfile-1529010191212]\",\n \"nativeIdentity\": \"Sandie.Camero\",\n \"sourceId\": \"2c91808363ef85290164000587130c0c\",\n \"accountRequestInfo\": {\n \"requestedObjectId\": \"2c91808563ef85690164001c31140c0c\",\n \"requestedObjectName\": \"Treasury Analyst\",\n \"requestedObjectType\": \"ACCESS_PROFILE\"\n },\n \"clientMetadata\": {\n \"customKey1\": \"custom value 1\",\n \"customKey2\": \"custom value 2\"\n },\n \"removeDate\": \"2020-07-11T00:00:00Z\"\n },\n {\n \"id\": \"48c545831b264409a81befcabb0e3c5a\",\n \"name\": \"48c545831b264409a81befcabb0e3c5a\",\n \"requested\": \"2017-07-11T18:45:37.098Z\",\n \"approvalStatus\": \"FINISHED\",\n \"provisioningStatus\": \"PENDING\",\n \"requesterComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"reviewerIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"reviewerComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"operation\": \"ADD\",\n \"attribute\": \"detectedRoles\",\n \"value\": \"Treasury Analyst [AccessProfile-1529010191212]\",\n \"nativeIdentity\": \"Sandie.Camero\",\n \"sourceId\": \"2c91808363ef85290164000587130c0c\",\n \"accountRequestInfo\": {\n \"requestedObjectId\": \"2c91808563ef85690164001c31140c0c\",\n \"requestedObjectName\": \"Treasury Analyst\",\n \"requestedObjectType\": \"ACCESS_PROFILE\"\n },\n \"clientMetadata\": {\n \"customKey1\": \"custom value 1\",\n \"customKey2\": \"custom value 2\"\n },\n \"removeDate\": \"2020-07-11T00:00:00Z\"\n }\n ],\n \"executionStatus\": \"COMPLETED\",\n \"clientMetadata\": {\n \"customKey1\": \"custom value 1\",\n \"customKey2\": \"custom value 2\"\n }\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"2c9180835d2e5168015d32f890ca1581\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"completionStatus\": \"SUCCESS\",\n \"type\": \"appRequest\",\n \"requesterIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"targetIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"errors\": [\n \"sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.\"\n ],\n \"warnings\": [\n \"Some warning, another warning\"\n ],\n \"items\": [\n {\n \"id\": \"48c545831b264409a81befcabb0e3c5a\",\n \"name\": \"48c545831b264409a81befcabb0e3c5a\",\n \"requested\": \"2017-07-11T18:45:37.098Z\",\n \"approvalStatus\": \"FINISHED\",\n \"provisioningStatus\": \"PENDING\",\n \"requesterComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"reviewerIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"reviewerComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"operation\": \"ADD\",\n \"attribute\": \"detectedRoles\",\n \"value\": \"Treasury Analyst [AccessProfile-1529010191212]\",\n \"nativeIdentity\": \"Sandie.Camero\",\n \"sourceId\": \"2c91808363ef85290164000587130c0c\",\n \"accountRequestInfo\": {\n \"requestedObjectId\": \"2c91808563ef85690164001c31140c0c\",\n \"requestedObjectName\": \"Treasury Analyst\",\n \"requestedObjectType\": \"ACCESS_PROFILE\"\n },\n \"clientMetadata\": {\n \"customKey1\": \"custom value 1\",\n \"customKey2\": \"custom value 2\"\n },\n \"removeDate\": \"2020-07-11T00:00:00Z\"\n },\n {\n \"id\": \"48c545831b264409a81befcabb0e3c5a\",\n \"name\": \"48c545831b264409a81befcabb0e3c5a\",\n \"requested\": \"2017-07-11T18:45:37.098Z\",\n \"approvalStatus\": \"FINISHED\",\n \"provisioningStatus\": \"PENDING\",\n \"requesterComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"reviewerIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"reviewerComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"operation\": \"ADD\",\n \"attribute\": \"detectedRoles\",\n \"value\": \"Treasury Analyst [AccessProfile-1529010191212]\",\n \"nativeIdentity\": \"Sandie.Camero\",\n \"sourceId\": \"2c91808363ef85290164000587130c0c\",\n \"accountRequestInfo\": {\n \"requestedObjectId\": \"2c91808563ef85690164001c31140c0c\",\n \"requestedObjectName\": \"Treasury Analyst\",\n \"requestedObjectType\": \"ACCESS_PROFILE\"\n },\n \"clientMetadata\": {\n \"customKey1\": \"custom value 1\",\n \"customKey2\": \"custom value 2\"\n },\n \"removeDate\": \"2020-07-11T00:00:00Z\"\n }\n ],\n \"executionStatus\": \"COMPLETED\",\n \"clientMetadata\": {\n \"customKey1\": \"custom value 1\",\n \"customKey2\": \"custom value 2\"\n }\n }\n]" + }, + { + "id": "b9f6146f-a86c-4397-837f-e989711a2d00", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities?requested-for=2c91808568c529c60168cca6f90c1313&requested-by=2c91808568c529c60168cca6f90c1313®arding-identity=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=type eq \"Identity Refresh\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities" + ], + "query": [ + { + "description": "The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nFiltering is supported for the following fields and operators:\n\n**type**: *eq, in* (See the `type` property in the response schema for possible values)\n\n**created**: *gt, lt, ge, le*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "type eq \"Identity Refresh\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **type, created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "6eeb2a16-c809-4492-b5a9-08ab13f50bb8", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities?requested-for=2c91808568c529c60168cca6f90c1313&requested-by=2c91808568c529c60168cca6f90c1313®arding-identity=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=type eq \"Identity Refresh\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities" + ], + "query": [ + { + "description": "The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nFiltering is supported for the following fields and operators:\n\n**type**: *eq, in* (See the `type` property in the response schema for possible values)\n\n**created**: *gt, lt, ge, le*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "type eq \"Identity Refresh\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **type, created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0df3c886-ff8c-4b66-8bbc-54a12502402f", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities?requested-for=2c91808568c529c60168cca6f90c1313&requested-by=2c91808568c529c60168cca6f90c1313®arding-identity=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=type eq \"Identity Refresh\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities" + ], + "query": [ + { + "description": "The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nFiltering is supported for the following fields and operators:\n\n**type**: *eq, in* (See the `type` property in the response schema for possible values)\n\n**created**: *gt, lt, ge, le*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "type eq \"Identity Refresh\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **type, created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "1478f748-cebb-479c-ae51-5986d2464897", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities?requested-for=2c91808568c529c60168cca6f90c1313&requested-by=2c91808568c529c60168cca6f90c1313®arding-identity=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=type eq \"Identity Refresh\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities" + ], + "query": [ + { + "description": "The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nFiltering is supported for the following fields and operators:\n\n**type**: *eq, in* (See the `type` property in the response schema for possible values)\n\n**created**: *gt, lt, ge, le*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "type eq \"Identity Refresh\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **type, created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "5e9e928f-1b14-4c14-8a22-950e4467309f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities?requested-for=2c91808568c529c60168cca6f90c1313&requested-by=2c91808568c529c60168cca6f90c1313®arding-identity=2c91808568c529c60168cca6f90c1313&limit=250&offset=0&count=true&filters=type eq \"Identity Refresh\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities" + ], + "query": [ + { + "description": "The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-for", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*.", + "key": "requested-by", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*.", + "key": "regarding-identity", + "value": "2c91808568c529c60168cca6f90c1313" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nFiltering is supported for the following fields and operators:\n\n**type**: *eq, in* (See the `type` property in the response schema for possible values)\n\n**created**: *gt, lt, ge, le*\n\n**modified**: *gt, lt, ge, le*", + "key": "filters", + "value": "type eq \"Identity Refresh\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **type, created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get an Account Activity", + "id": "329b32ee-1397-4c3e-8301-14c229595699", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This gets a single account activity by its id." + }, + "response": [ + { + "id": "2717b7fa-eecf-4d2a-98bf-923ae33322a4", + "name": "An account activity object", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"2c9180835d2e5168015d32f890ca1581\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"completionStatus\": \"SUCCESS\",\n \"type\": \"appRequest\",\n \"requesterIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"targetIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"errors\": [\n \"sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.\"\n ],\n \"warnings\": [\n \"Some warning, another warning\"\n ],\n \"items\": [\n {\n \"id\": \"48c545831b264409a81befcabb0e3c5a\",\n \"name\": \"48c545831b264409a81befcabb0e3c5a\",\n \"requested\": \"2017-07-11T18:45:37.098Z\",\n \"approvalStatus\": \"FINISHED\",\n \"provisioningStatus\": \"PENDING\",\n \"requesterComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"reviewerIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"reviewerComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"operation\": \"ADD\",\n \"attribute\": \"detectedRoles\",\n \"value\": \"Treasury Analyst [AccessProfile-1529010191212]\",\n \"nativeIdentity\": \"Sandie.Camero\",\n \"sourceId\": \"2c91808363ef85290164000587130c0c\",\n \"accountRequestInfo\": {\n \"requestedObjectId\": \"2c91808563ef85690164001c31140c0c\",\n \"requestedObjectName\": \"Treasury Analyst\",\n \"requestedObjectType\": \"ACCESS_PROFILE\"\n },\n \"clientMetadata\": {\n \"customKey1\": \"custom value 1\",\n \"customKey2\": \"custom value 2\"\n },\n \"removeDate\": \"2020-07-11T00:00:00Z\"\n },\n {\n \"id\": \"48c545831b264409a81befcabb0e3c5a\",\n \"name\": \"48c545831b264409a81befcabb0e3c5a\",\n \"requested\": \"2017-07-11T18:45:37.098Z\",\n \"approvalStatus\": \"FINISHED\",\n \"provisioningStatus\": \"PENDING\",\n \"requesterComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"reviewerIdentitySummary\": {\n \"id\": \"ff80818155fe8c080155fe8d925b0316\",\n \"name\": \"SailPoint Services\",\n \"identityId\": \"c15b9f5cca5a4e9599eaa0e64fa921bd\",\n \"completed\": true\n },\n \"reviewerComment\": {\n \"commenterId\": \"2c918084660f45d6016617daa9210584\",\n \"commenterName\": \"Adam Kennedy\",\n \"body\": \"Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.\",\n \"date\": \"2017-07-11T18:45:37.098Z\"\n },\n \"operation\": \"ADD\",\n \"attribute\": \"detectedRoles\",\n \"value\": \"Treasury Analyst [AccessProfile-1529010191212]\",\n \"nativeIdentity\": \"Sandie.Camero\",\n \"sourceId\": \"2c91808363ef85290164000587130c0c\",\n \"accountRequestInfo\": {\n \"requestedObjectId\": \"2c91808563ef85690164001c31140c0c\",\n \"requestedObjectName\": \"Treasury Analyst\",\n \"requestedObjectType\": \"ACCESS_PROFILE\"\n },\n \"clientMetadata\": {\n \"customKey1\": \"custom value 1\",\n \"customKey2\": \"custom value 2\"\n },\n \"removeDate\": \"2020-07-11T00:00:00Z\"\n }\n ],\n \"executionStatus\": \"COMPLETED\",\n \"clientMetadata\": {\n \"customKey1\": \"custom value 1\",\n \"customKey2\": \"custom value 2\"\n }\n}" + }, + { + "id": "d88731a3-c543-43f7-a94d-f9426eee1481", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "60a1ac67-361b-49f0-8a7b-4fb1912db0f4", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "e2b83dd3-fd8d-456f-bb77-37908a72e27a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "c10ee12d-1fec-4221-901f-5f95d0bbf0ea", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "1d63fff0-d21d-4f28-b4fc-8a57011c70d8", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "7fa13d1f-c66d-45b3-ae97-1c81ba0b15c5", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/account-activities/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "account-activities", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "55235897-b63e-4578-a8db-1d24389f66aa", + "description": "Use this API to implement account activity tracking functionality.\nWith this functionality in place, users can track source account activity in IdentityNow, which greatly improves traceability in the system. \n\nAn account activity refers to a log of each action performed on a source account. This is useful for auditing the changes performed on an account throughout its life. \nIn IdentityNow's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient. \n\nAccount activity includes most actions IdentityNow completes on source accounts. Users can search in IdentityNow for the following account action types: \n\n- Access Request: These include any access requests the source account is involved in. \n\n- Account Attribute Updates: These include updates to a single attribute on an account on a source. \n\n- Account State Update: These include locking or unlocking actions on an account on a source. \n\n- Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification.\n\n- Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state. \nIdentityNow replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to. \n\n- Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action. \nWhen you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays.\nAccount Activity does not include attribute updates that occur as a result of aggregation.\n\n- Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates. \nThese also include refreshes that occur whenever IdentityNow assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source. \n\n- Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change. \n\n- Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state.\n\n- Password Change: These include password changes on sources.\n\nRefer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities.\n" + }, + { + "name": "Certifications", + "item": [ + { + "name": "Identity Campaign Certifications by IDs", + "id": "ca931065-ea45-4663-a653-b7fbd6cd4ac6", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications?reviewer-identity=me&limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name,due", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications" + ], + "query": [ + { + "description": "The ID of reviewer identity. *me* indicates the current user.", + "key": "reviewer-identity", + "value": "me" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**id**: *eq, in*\n**campaign.id**: *eq, in*\n**phase**: *eq*\n**completed**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **name, due, signed**", + "key": "sorters", + "value": "name,due" + } + ] + }, + "description": "This API returns a list of identity campaign certifications that satisfy the given query parameters. Any authenticated token can call this API, but only certifications you are authorized to review will be returned. This API does not support requests for certifications assigned to Governance Groups." + }, + "response": [ + { + "id": "dcb3aca9-ada2-47b1-b5e1-d996d6a613b7", + "name": "List of identity campaign certifications", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications?reviewer-identity=me&limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name,due", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications" + ], + "query": [ + { + "description": "The ID of reviewer identity. *me* indicates the current user.", + "key": "reviewer-identity", + "value": "me" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**id**: *eq, in*\n**campaign.id**: *eq, in*\n**phase**: *eq*\n**completed**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **name, due, signed**", + "key": "sorters", + "value": "name,due" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Source Owner Access Review for Employees [source]\",\n \"campaign\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Campaign Name\",\n \"type\": \"CAMPAIGN\",\n \"campaignType\": \"MANAGER\",\n \"description\": \"A description of the campaign\"\n },\n \"completed\": true,\n \"identitiesCompleted\": 5,\n \"identitiesTotal\": 10,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"decisionsMade\": 20,\n \"decisionsTotal\": 40,\n \"due\": \"2018-10-19T13:49:37.385Z\",\n \"signed\": \"2018-10-19T13:49:37.385Z\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n },\n \"reassignment\": {\n \"from\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Certification Name\",\n \"type\": \"CERTIFICATION\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n }\n },\n \"comment\": \"Reassigned for a reason\"\n },\n \"hasErrors\": false,\n \"errorMessage\": \"The certification has an error\",\n \"phase\": \"ACTIVE\"\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Source Owner Access Review for Employees [source]\",\n \"campaign\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Campaign Name\",\n \"type\": \"CAMPAIGN\",\n \"campaignType\": \"MANAGER\",\n \"description\": \"A description of the campaign\"\n },\n \"completed\": true,\n \"identitiesCompleted\": 5,\n \"identitiesTotal\": 10,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"decisionsMade\": 20,\n \"decisionsTotal\": 40,\n \"due\": \"2018-10-19T13:49:37.385Z\",\n \"signed\": \"2018-10-19T13:49:37.385Z\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n },\n \"reassignment\": {\n \"from\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Certification Name\",\n \"type\": \"CERTIFICATION\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n }\n },\n \"comment\": \"Reassigned for a reason\"\n },\n \"hasErrors\": false,\n \"errorMessage\": \"The certification has an error\",\n \"phase\": \"ACTIVE\"\n }\n]" + }, + { + "id": "2eba9ac2-e1fc-4095-b0e2-699e15129f4f", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications?reviewer-identity=me&limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name,due", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications" + ], + "query": [ + { + "description": "The ID of reviewer identity. *me* indicates the current user.", + "key": "reviewer-identity", + "value": "me" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**id**: *eq, in*\n**campaign.id**: *eq, in*\n**phase**: *eq*\n**completed**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **name, due, signed**", + "key": "sorters", + "value": "name,due" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "7a9f0378-3039-47d5-9962-c8db145884a4", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications?reviewer-identity=me&limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name,due", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications" + ], + "query": [ + { + "description": "The ID of reviewer identity. *me* indicates the current user.", + "key": "reviewer-identity", + "value": "me" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**id**: *eq, in*\n**campaign.id**: *eq, in*\n**phase**: *eq*\n**completed**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **name, due, signed**", + "key": "sorters", + "value": "name,due" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "b08a6548-5f29-4aad-8bba-71483fc94419", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications?reviewer-identity=me&limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name,due", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications" + ], + "query": [ + { + "description": "The ID of reviewer identity. *me* indicates the current user.", + "key": "reviewer-identity", + "value": "me" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**id**: *eq, in*\n**campaign.id**: *eq, in*\n**phase**: *eq*\n**completed**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **name, due, signed**", + "key": "sorters", + "value": "name,due" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "95d34f19-2d14-445d-b81e-839df07d8c83", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications?reviewer-identity=me&limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name,due", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications" + ], + "query": [ + { + "description": "The ID of reviewer identity. *me* indicates the current user.", + "key": "reviewer-identity", + "value": "me" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**id**: *eq, in*\n**campaign.id**: *eq, in*\n**phase**: *eq*\n**completed**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **name, due, signed**", + "key": "sorters", + "value": "name,due" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "8f5ce682-7f13-4ed5-bca8-abb29865d150", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications?reviewer-identity=me&limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name,due", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications" + ], + "query": [ + { + "description": "The ID of reviewer identity. *me* indicates the current user.", + "key": "reviewer-identity", + "value": "me" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**id**: *eq, in*\n**campaign.id**: *eq, in*\n**phase**: *eq*\n**completed**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\nSorting is supported for the following fields: **name, due, signed**", + "key": "sorters", + "value": "name,due" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Identity Certification by ID", + "id": "1cdcf3d8-fa65-4010-9585-4222725fcb81", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API returns a single identity campaign certification by its ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups." + }, + "response": [ + { + "id": "c56d4317-782a-4e7b-b143-ea1ce5fab7b8", + "name": "An identity campaign certification object", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Source Owner Access Review for Employees [source]\",\n \"campaign\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Campaign Name\",\n \"type\": \"CAMPAIGN\",\n \"campaignType\": \"MANAGER\",\n \"description\": \"A description of the campaign\"\n },\n \"completed\": true,\n \"identitiesCompleted\": 5,\n \"identitiesTotal\": 10,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"decisionsMade\": 20,\n \"decisionsTotal\": 40,\n \"due\": \"2018-10-19T13:49:37.385Z\",\n \"signed\": \"2018-10-19T13:49:37.385Z\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n },\n \"reassignment\": {\n \"from\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Certification Name\",\n \"type\": \"CERTIFICATION\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n }\n },\n \"comment\": \"Reassigned for a reason\"\n },\n \"hasErrors\": false,\n \"errorMessage\": \"The certification has an error\",\n \"phase\": \"ACTIVE\"\n}" + }, + { + "id": "989f2c83-93b9-45e7-aafb-05df8cd24ae3", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "d7d8f712-7c1f-47ac-9818-5a8e0508671c", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "ef7a8654-16e1-4328-bb14-487dd645119b", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "122f9a01-a0d2-42f0-984b-1144c4472905", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "349affaa-0086-43c1-8293-da4ab5c3f2cd", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "4ef5f786-53ed-44f6-b744-c99ad6b37d2a", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "List of Access Review Items", + "id": "02902092-1fa5-4cff-8c63-27cf49135583", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-review-items?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name,-accessProfile.sourceName&entitlements=identityEntitlement&access-profiles=accessProfile1&roles=userRole", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-review-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**type / access.type**: *eq*\n\n**completed**: *eq, ne*\n\n**identitySummary.id**: *eq, in*\n\n**identitySummary.name**: *eq, sw*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**", + "key": "sorters", + "value": "access.name,-accessProfile.sourceName" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.\n\nAn error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.", + "key": "entitlements", + "value": "identityEntitlement" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.\n\nAn error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.", + "key": "access-profiles", + "value": "accessProfile1" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated role IDs.\n\nAn error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.", + "key": "roles", + "value": "userRole" + } + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API returns a list of access review items for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups." + }, + "response": [ + { + "id": "4d408f32-2cf1-4640-bfc0-16768af8cb15", + "name": "A list of access review items", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-review-items?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name,-accessProfile.sourceName&entitlements=identityEntitlement&access-profiles=accessProfile1&roles=userRole", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-review-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**type / access.type**: *eq*\n\n**completed**: *eq, ne*\n\n**identitySummary.id**: *eq, in*\n\n**identitySummary.name**: *eq, sw*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**", + "key": "sorters", + "value": "access.name,-accessProfile.sourceName" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.\n\nAn error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.", + "key": "entitlements", + "value": "identityEntitlement" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.\n\nAn error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.", + "key": "access-profiles", + "value": "accessProfile1" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated role IDs.\n\nAn error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.", + "key": "roles", + "value": "userRole" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"accessSummary\": {\n \"access\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867160846801719932c5153fb7\",\n \"name\": \"Entitlement for Company Database\"\n },\n \"entitlement\": {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n },\n \"accessProfile\": {\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"name\": \"Employee-database-read-write\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"privileged\": false,\n \"cloudGoverned\": false,\n \"endDate\": \"2021-12-25T00:00:00.000Z\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"entitlements\": [\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n },\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n }\n ],\n \"created\": \"2021-01-01T22:32:58.104Z\",\n \"modified\": \"2021-02-01T22:32:58.104Z\"\n },\n \"role\": {\n \"id\": \"2c91808a7190d06e0171993907fd0794\",\n \"name\": \"Accounting-Employees\",\n \"description\": \"Role for members of the accounting department with the necessary Access Profiles\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"revocable\": false,\n \"endDate\": \"2021-12-25T00:00:00.000Z\",\n \"accessProfiles\": [\n {\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"name\": \"Employee-database-read-write\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"privileged\": false,\n \"cloudGoverned\": false,\n \"endDate\": \"2021-12-25T00:00:00.000Z\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"entitlements\": [\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n },\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n }\n ],\n \"created\": \"2021-01-01T22:32:58.104Z\",\n \"modified\": \"2021-02-01T22:32:58.104Z\"\n },\n {\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"name\": \"Employee-database-read-write\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"privileged\": false,\n \"cloudGoverned\": false,\n \"endDate\": \"2021-12-25T00:00:00.000Z\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"entitlements\": [\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n },\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n }\n ],\n \"created\": \"2021-01-01T22:32:58.104Z\",\n \"modified\": \"2021-02-01T22:32:58.104Z\"\n }\n ]\n }\n },\n \"identitySummary\": {\n \"id\": \"2c91808772a504f50172a9540e501ba7\",\n \"name\": \"Alison Ferguso\",\n \"identityId\": \"2c9180857182306001719937377a33de\",\n \"completed\": true\n },\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"completed\": false,\n \"newAccess\": false,\n \"decision\": \"APPROVE\",\n \"comments\": \"This user still needs access to this source\"\n },\n {\n \"accessSummary\": {\n \"access\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867160846801719932c5153fb7\",\n \"name\": \"Entitlement for Company Database\"\n },\n \"entitlement\": {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n },\n \"accessProfile\": {\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"name\": \"Employee-database-read-write\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"privileged\": false,\n \"cloudGoverned\": false,\n \"endDate\": \"2021-12-25T00:00:00.000Z\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"entitlements\": [\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n },\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n }\n ],\n \"created\": \"2021-01-01T22:32:58.104Z\",\n \"modified\": \"2021-02-01T22:32:58.104Z\"\n },\n \"role\": {\n \"id\": \"2c91808a7190d06e0171993907fd0794\",\n \"name\": \"Accounting-Employees\",\n \"description\": \"Role for members of the accounting department with the necessary Access Profiles\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"revocable\": false,\n \"endDate\": \"2021-12-25T00:00:00.000Z\",\n \"accessProfiles\": [\n {\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"name\": \"Employee-database-read-write\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"privileged\": false,\n \"cloudGoverned\": false,\n \"endDate\": \"2021-12-25T00:00:00.000Z\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"entitlements\": [\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n },\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n }\n ],\n \"created\": \"2021-01-01T22:32:58.104Z\",\n \"modified\": \"2021-02-01T22:32:58.104Z\"\n },\n {\n \"id\": \"2c91808a7190d06e01719938fcd20792\",\n \"name\": \"Employee-database-read-write\",\n \"description\": \"Collection of entitlements to read/write the employee database\",\n \"privileged\": false,\n \"cloudGoverned\": false,\n \"endDate\": \"2021-12-25T00:00:00.000Z\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"entitlements\": [\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n },\n {\n \"id\": \"2c918085718230600171993742c63558\",\n \"name\": \"CN=entitlement.bbb7c650\",\n \"description\": \"Gives read/write access to the company database\",\n \"privileged\": false,\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=entitlement.bbb7c650\",\n \"sourceSchemaObjectType\": \"groups\",\n \"sourceName\": \"ODS-AD-Source\",\n \"sourceType\": \"Active Directory - Direct\",\n \"hasPermissions\": false,\n \"isPermission\": false,\n \"revocable\": true,\n \"cloudGoverned\": false,\n \"account\": {\n \"nativeIdentity\": \"CN=Alison Ferguso\",\n \"disabled\": false,\n \"locked\": false,\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180857182305e0171993737eb29e6\",\n \"name\": \"Alison Ferguso\",\n \"created\": \"2020-04-20T20:11:05.067Z\",\n \"modified\": \"2020-05-20T18:57:16.987Z\"\n }\n }\n ],\n \"created\": \"2021-01-01T22:32:58.104Z\",\n \"modified\": \"2021-02-01T22:32:58.104Z\"\n }\n ]\n }\n },\n \"identitySummary\": {\n \"id\": \"2c91808772a504f50172a9540e501ba7\",\n \"name\": \"Alison Ferguso\",\n \"identityId\": \"2c9180857182306001719937377a33de\",\n \"completed\": true\n },\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"completed\": false,\n \"newAccess\": false,\n \"decision\": \"APPROVE\",\n \"comments\": \"This user still needs access to this source\"\n }\n]" + }, + { + "id": "017c7bb1-ddd5-44fe-8172-8e8c99f05bcd", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-review-items?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name,-accessProfile.sourceName&entitlements=identityEntitlement&access-profiles=accessProfile1&roles=userRole", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-review-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**type / access.type**: *eq*\n\n**completed**: *eq, ne*\n\n**identitySummary.id**: *eq, in*\n\n**identitySummary.name**: *eq, sw*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**", + "key": "sorters", + "value": "access.name,-accessProfile.sourceName" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.\n\nAn error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.", + "key": "entitlements", + "value": "identityEntitlement" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.\n\nAn error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.", + "key": "access-profiles", + "value": "accessProfile1" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated role IDs.\n\nAn error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.", + "key": "roles", + "value": "userRole" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "b710d3a2-771f-49c3-959e-b872a70ce768", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-review-items?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name,-accessProfile.sourceName&entitlements=identityEntitlement&access-profiles=accessProfile1&roles=userRole", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-review-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**type / access.type**: *eq*\n\n**completed**: *eq, ne*\n\n**identitySummary.id**: *eq, in*\n\n**identitySummary.name**: *eq, sw*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**", + "key": "sorters", + "value": "access.name,-accessProfile.sourceName" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.\n\nAn error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.", + "key": "entitlements", + "value": "identityEntitlement" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.\n\nAn error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.", + "key": "access-profiles", + "value": "accessProfile1" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated role IDs.\n\nAn error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.", + "key": "roles", + "value": "userRole" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "c7ace8b2-7c4c-46ee-868d-f647a4faf6d7", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-review-items?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name,-accessProfile.sourceName&entitlements=identityEntitlement&access-profiles=accessProfile1&roles=userRole", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-review-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**type / access.type**: *eq*\n\n**completed**: *eq, ne*\n\n**identitySummary.id**: *eq, in*\n\n**identitySummary.name**: *eq, sw*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**", + "key": "sorters", + "value": "access.name,-accessProfile.sourceName" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.\n\nAn error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.", + "key": "entitlements", + "value": "identityEntitlement" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.\n\nAn error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.", + "key": "access-profiles", + "value": "accessProfile1" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated role IDs.\n\nAn error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.", + "key": "roles", + "value": "userRole" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "117a9ae6-0118-46f3-9dd5-7843fdd28f94", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-review-items?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name,-accessProfile.sourceName&entitlements=identityEntitlement&access-profiles=accessProfile1&roles=userRole", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-review-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**type / access.type**: *eq*\n\n**completed**: *eq, ne*\n\n**identitySummary.id**: *eq, in*\n\n**identitySummary.name**: *eq, sw*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**", + "key": "sorters", + "value": "access.name,-accessProfile.sourceName" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.\n\nAn error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.", + "key": "entitlements", + "value": "identityEntitlement" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.\n\nAn error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.", + "key": "access-profiles", + "value": "accessProfile1" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated role IDs.\n\nAn error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.", + "key": "roles", + "value": "userRole" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "d5e0302b-40aa-4fb6-97a5-9d9161619b95", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-review-items?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name,-accessProfile.sourceName&entitlements=identityEntitlement&access-profiles=accessProfile1&roles=userRole", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-review-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**type / access.type**: *eq*\n\n**completed**: *eq, ne*\n\n**identitySummary.id**: *eq, in*\n\n**identitySummary.name**: *eq, sw*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**", + "key": "sorters", + "value": "access.name,-accessProfile.sourceName" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.\n\nAn error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.", + "key": "entitlements", + "value": "identityEntitlement" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.\n\nAn error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.", + "key": "access-profiles", + "value": "accessProfile1" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated role IDs.\n\nAn error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.", + "key": "roles", + "value": "userRole" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "18380613-3348-4823-8cfa-0931c1ea00ee", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-review-items?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name,-accessProfile.sourceName&entitlements=identityEntitlement&access-profiles=accessProfile1&roles=userRole", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-review-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**type / access.type**: *eq*\n\n**completed**: *eq, ne*\n\n**identitySummary.id**: *eq, in*\n\n**identitySummary.name**: *eq, sw*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName**", + "key": "sorters", + "value": "access.name,-accessProfile.sourceName" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.\n\nAn error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time.", + "key": "entitlements", + "value": "identityEntitlement" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.\n\nAn error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time.", + "key": "access-profiles", + "value": "accessProfile1" + }, + { + "description": "Filter results to view access review items that pertain to any of the specified comma-separated role IDs.\n\nAn error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time.", + "key": "roles", + "value": "userRole" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Decide on a Certification Item", + "id": "8413bae1-8494-403d-a502-e4ec04ec67cc", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"id\": \"ef38f94347e94562b5bb8424a56396b5\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source.\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source too.\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/decide", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decide" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "The API makes a decision to approve or revoke one or more identity campaign certification items. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups." + }, + "response": [ + { + "id": "d9956f2d-b43a-4a5a-85a7-cfd4f7c87ad7", + "name": "An identity campaign certification object", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"id\": \"ef38f94347e94562b5bb8424a56396b5\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source.\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source too.\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/decide", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decide" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Source Owner Access Review for Employees [source]\",\n \"campaign\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Campaign Name\",\n \"type\": \"CAMPAIGN\",\n \"campaignType\": \"MANAGER\",\n \"description\": \"A description of the campaign\"\n },\n \"completed\": true,\n \"identitiesCompleted\": 5,\n \"identitiesTotal\": 10,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"decisionsMade\": 20,\n \"decisionsTotal\": 40,\n \"due\": \"2018-10-19T13:49:37.385Z\",\n \"signed\": \"2018-10-19T13:49:37.385Z\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n },\n \"reassignment\": {\n \"from\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Certification Name\",\n \"type\": \"CERTIFICATION\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n }\n },\n \"comment\": \"Reassigned for a reason\"\n },\n \"hasErrors\": false,\n \"errorMessage\": \"The certification has an error\",\n \"phase\": \"ACTIVE\"\n}" + }, + { + "id": "1f27e6f4-8d18-4258-bcce-4b02dc8efc03", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"id\": \"ef38f94347e94562b5bb8424a56396b5\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source.\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source too.\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/decide", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decide" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "34de2d3b-2ef8-4b6b-9b9c-90727b28c08a", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"id\": \"ef38f94347e94562b5bb8424a56396b5\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source.\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source too.\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/decide", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decide" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "437ee758-f883-4f0c-b16d-a70ecc7a87b2", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"id\": \"ef38f94347e94562b5bb8424a56396b5\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source.\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source too.\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/decide", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decide" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "07d235a4-9d91-4a77-9df0-707cb5c50667", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"id\": \"ef38f94347e94562b5bb8424a56396b5\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source.\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source too.\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/decide", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decide" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "c4b0b2cf-f046-4879-a3c1-c71149722e0f", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"id\": \"ef38f94347e94562b5bb8424a56396b5\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source.\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source too.\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/decide", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decide" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "6f549065-6e11-42d4-a4ab-750ef6e5b4da", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"id\": \"ef38f94347e94562b5bb8424a56396b5\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source.\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"decision\": \"APPROVE\",\n \"bulk\": true,\n \"comments\": \"This user still needs access to this source too.\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/decide", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decide" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Reassign Identities or Items", + "id": "80ce8fe8-8bff-4a45-8bfb-afec33162c9c", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"reassign\": [\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n }\n ],\n \"reassignTo\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"reason\": \"reassigned for some reason\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/reassign", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "reassign" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API reassigns up to 50 identities or items in an identity campaign certification to another reviewer. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups." + }, + "response": [ + { + "id": "be5e7541-a446-40c7-8bb2-cd41aeb340cf", + "name": "An identity campaign certification details after completing the reassignment.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"reassign\": [\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n }\n ],\n \"reassignTo\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"reason\": \"reassigned for some reason\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/reassign", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "reassign" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Source Owner Access Review for Employees [source]\",\n \"campaign\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Campaign Name\",\n \"type\": \"CAMPAIGN\",\n \"campaignType\": \"MANAGER\",\n \"description\": \"A description of the campaign\"\n },\n \"completed\": true,\n \"identitiesCompleted\": 5,\n \"identitiesTotal\": 10,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"decisionsMade\": 20,\n \"decisionsTotal\": 40,\n \"due\": \"2018-10-19T13:49:37.385Z\",\n \"signed\": \"2018-10-19T13:49:37.385Z\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n },\n \"reassignment\": {\n \"from\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Certification Name\",\n \"type\": \"CERTIFICATION\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n }\n },\n \"comment\": \"Reassigned for a reason\"\n },\n \"hasErrors\": false,\n \"errorMessage\": \"The certification has an error\",\n \"phase\": \"ACTIVE\"\n}" + }, + { + "id": "e595692a-2134-4792-a65a-68a809274f5a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"reassign\": [\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n }\n ],\n \"reassignTo\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"reason\": \"reassigned for some reason\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/reassign", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "reassign" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "3475e02d-b4d8-49a8-9be1-6b7018aeadee", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"reassign\": [\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n }\n ],\n \"reassignTo\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"reason\": \"reassigned for some reason\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/reassign", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "reassign" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "ab7d1825-faf0-46f6-8660-0203db3b818b", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"reassign\": [\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n }\n ],\n \"reassignTo\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"reason\": \"reassigned for some reason\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/reassign", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "reassign" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "2347cbeb-4fc5-4cf1-85df-afd1b28d8af5", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"reassign\": [\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n }\n ],\n \"reassignTo\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"reason\": \"reassigned for some reason\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/reassign", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "reassign" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "b551520d-0b19-478a-a417-47764c204148", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"reassign\": [\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n }\n ],\n \"reassignTo\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"reason\": \"reassigned for some reason\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/reassign", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "reassign" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "77fdfbe8-72d2-4ed6-b406-21373cbbf00b", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"reassign\": [\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"type\": \"ITEM\"\n }\n ],\n \"reassignTo\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"reason\": \"reassigned for some reason\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/certifications/:id/reassign", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "reassign" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Finalize Identity Certification Decisions", + "id": "33f92e46-eb39-4c0b-9262-e84e66e63f59", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/sign-off", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "sign-off" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups." + }, + "response": [ + { + "id": "fc05107e-22cc-417a-803b-9968e14b8ebc", + "name": "An identity campaign certification object", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/sign-off", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "sign-off" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Source Owner Access Review for Employees [source]\",\n \"campaign\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Campaign Name\",\n \"type\": \"CAMPAIGN\",\n \"campaignType\": \"MANAGER\",\n \"description\": \"A description of the campaign\"\n },\n \"completed\": true,\n \"identitiesCompleted\": 5,\n \"identitiesTotal\": 10,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"decisionsMade\": 20,\n \"decisionsTotal\": 40,\n \"due\": \"2018-10-19T13:49:37.385Z\",\n \"signed\": \"2018-10-19T13:49:37.385Z\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n },\n \"reassignment\": {\n \"from\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Certification Name\",\n \"type\": \"CERTIFICATION\",\n \"reviewer\": {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"name\": \"Reviewer Name\",\n \"email\": \"reviewer@test.com\",\n \"type\": \"IDENTITY\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\"\n }\n },\n \"comment\": \"Reassigned for a reason\"\n },\n \"hasErrors\": false,\n \"errorMessage\": \"The certification has an error\",\n \"phase\": \"ACTIVE\"\n}" + }, + { + "id": "8ec6b11d-9605-4979-8f00-d28c6b66ca4f", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/sign-off", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "sign-off" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "dfdba624-1515-4760-86c3-c94c71f6c678", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/sign-off", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "sign-off" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "7f0185df-1076-437c-a81c-c4b88f97f8ea", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/sign-off", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "sign-off" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "5bc2b300-5bc7-474d-bdbe-fda0d329d0a3", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/sign-off", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "sign-off" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "713db70e-9cfb-4f98-bb76-e2df695f1991", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/sign-off", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "sign-off" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "81022c19-2003-4b9e-8479-a92a5f05547f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/sign-off", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "sign-off" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "4015ec99-62a9-4cd2-bab3-8308fca16928", + "description": "Use this API to implement certification functionality. \nWith this functionality in place, administrators and designated certification reviewers can review users' access certifications and decide whether to approve access, revoke it, or reassign the review to another reviewer. \nImplementing certifications improves organizations' data security by reducing inappropriate access through a distributed review process and helping them satisfy audit and regulatory requirements. \n\nA certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. \nThese serve as a way of showing that a user's access has been reviewed and approved. \nMultiple certifications by different reviewers are often required to approve a user's access. \nA set of multiple certifications is called a certification campaign.\n\nFor example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. \nOnce this certification has been completed, IdentityNow would provision all the access the user needs, nothing more. \n\nOrganization administrators or certification administrators can designate other IdentityNow users as certification reviewers. \nThose reviewers can select the 'Certifications' tab to view any of the certifications they either need to review or have already reviewed under the 'Active' and 'Completed' tabs, respectively. \n\nWhen a certification campaign is in progress, certification reviewers will see certifications listed under 'Active,' where they can review the involved identities. \nUnder the 'Decision' column on the right, next to each access item, reviewers can select the checkmark to approve access, select the 'X' to revoke access, or they can toggle the 'More Options' menu to reassign the certification to another reviewer and provide a reason for reassignment in the form of a comment. \n\nOnce a reviewer has made decisions on all the certification's involved access items, he or she must select 'Sign Off' to complete the review process.\nDoing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items. \n\nOnce all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation.\nIn this situation, the certification campaign completes once all the remediation requests are completed. \n\nRefer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) for more information about certifications.\n" + }, + { + "name": "Certification Summaries", + "item": [ + { + "name": "Summary of Certification Decisions", + "id": "2d56c6f0-89fa-4905-a469-9e2f36cc4ddf", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/decision-summary?filters=identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decision-summary" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**identitySummary.id**: *eq, in*", + "key": "filters", + "value": "identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + } + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API returns a summary of the decisions made on an identity campaign certification. The decisions are summarized by type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API." + }, + "response": [ + { + "id": "4b44cd8a-6234-4a2d-865c-00c73b06f0bf", + "name": "Summary of the decisions made", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/decision-summary?filters=identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decision-summary" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**identitySummary.id**: *eq, in*", + "key": "filters", + "value": "identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"entitlementDecisionsMade\": 3,\n \"accessProfileDecisionsMade\": 5,\n \"roleDecisionsMade\": 2,\n \"accountDecisionsMade\": 4,\n \"entitlementDecisionsTotal\": 6,\n \"accessProfileDecisionsTotal\": 10,\n \"roleDecisionsTotal\": 4,\n \"accountDecisionsTotal\": 8,\n \"entitlementsApproved\": 2,\n \"entitlementsRevoked\": 1,\n \"accessProfilesApproved\": 3,\n \"accessProfilesRevoked\": 2,\n \"rolesApproved\": 2,\n \"rolesRevoked\": 0,\n \"accountsApproved\": 1,\n \"accountsRevoked\": 3\n}" + }, + { + "id": "843b3243-58fb-43e4-99b1-09ed3782b31f", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/decision-summary?filters=identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decision-summary" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**identitySummary.id**: *eq, in*", + "key": "filters", + "value": "identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "0022d1e7-8d6a-4e55-99c7-89de3c648662", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/decision-summary?filters=identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decision-summary" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**identitySummary.id**: *eq, in*", + "key": "filters", + "value": "identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "02a762e6-0685-4688-96b3-2d33b959fd09", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/decision-summary?filters=identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decision-summary" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**identitySummary.id**: *eq, in*", + "key": "filters", + "value": "identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "b5aaa698-a296-4c35-b7b4-7ca48041b84d", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/decision-summary?filters=identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decision-summary" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**identitySummary.id**: *eq, in*", + "key": "filters", + "value": "identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "ad372051-ca94-4475-ad83-35a15194a8ae", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/decision-summary?filters=identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decision-summary" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**identitySummary.id**: *eq, in*", + "key": "filters", + "value": "identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "71bf7400-5284-48df-88a4-daeda2864179", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/decision-summary?filters=identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "decision-summary" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**identitySummary.id**: *eq, in*", + "key": "filters", + "value": "identitySummary.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Identity Summaries for Campaign Certification", + "id": "7319ee28-29d9-42e0-8281-5cbbc3efc049", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summaries?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summaries" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**completed**: *eq, ne*\n\n**name**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API returns a list of the identity summaries for a specific identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API." + }, + "response": [ + { + "id": "6f782a72-211a-4a01-9e84-a6d16f77d4f4", + "name": "List of identity summaries", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summaries?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summaries" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**completed**: *eq, ne*\n\n**name**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c91808772a504f50172a9540e501ba7\",\n \"name\": \"Aaron Grey\",\n \"identityId\": \"2c9180857182306001719937379633e4\",\n \"completed\": false\n },\n {\n \"id\": \"2c91808772a504f50172a9540e501ba8\",\n \"name\": \"Aglae Wilson\",\n \"identityId\": \"2c9180857182306001719937377a33de\",\n \"completed\": true\n }\n]" + }, + { + "id": "78211f40-73ed-4ff6-99f3-935289e9cc2a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summaries?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summaries" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**completed**: *eq, ne*\n\n**name**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "0a7683cf-a393-4e96-9eb0-a6cf7bf67437", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summaries?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summaries" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**completed**: *eq, ne*\n\n**name**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "c8071a9d-c75e-43fd-a480-077a41eafb57", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summaries?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summaries" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**completed**: *eq, ne*\n\n**name**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "e3d50101-3d17-4d08-a372-b333a6194258", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summaries?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summaries" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**completed**: *eq, ne*\n\n**name**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "79104c78-1254-4d72-ac31-433384310d3d", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summaries?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summaries" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**completed**: *eq, ne*\n\n**name**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "6590813f-e575-42d9-810c-b1e30d27c35f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summaries?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summaries" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**completed**: *eq, ne*\n\n**name**: *eq, sw*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Access Summaries", + "id": "77164fbf-86f6-44b2-84b7-4c1d87b042a0", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-summaries/:type?limit=250&offset=0&count=true&filters=access.id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-summaries", + ":type" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**completed**: *eq, ne*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "access.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.name**", + "key": "sorters", + "value": "access.name" + } + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "key": "type", + "value": "ACCESS_PROFILE" + } + ] + }, + "description": "This API returns a list of access summaries for the specified identity campaign certification and type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API." + }, + "response": [ + { + "id": "fd8a1df9-6341-4e18-bf5f-f7983ca91c43", + "name": "List of access summaries", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-summaries/:type?limit=250&offset=0&count=true&filters=access.id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-summaries", + ":type" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**completed**: *eq, ne*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "access.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.name**", + "key": "sorters", + "value": "access.name" + } + ], + "variable": [ + { + "key": "id" + }, + { + "key": "type" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"access\": {\n \"type\": \"ENTITLEMENT\",\n \"id\": \"2c9180857182305e01719937429e2bad\",\n \"name\": \"CN=Engineering\"\n },\n \"entitlement\": {\n \"id\": \"2c9180857182305e01719937429e2bad\",\n \"name\": \"CN=Engineering\",\n \"description\": \"Access to the engineering database\",\n \"privileged\": false,\n \"owner\": {\n \"email\": \"brandon.gray@acme-solar.com\",\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867160846801719932c5153fb7\",\n \"name\": \"Brandon Gray\"\n },\n \"attributeName\": \"memberOf\",\n \"attributeValue\": \"CN=Engineering\",\n \"sourceName\": \"ODS-AD-Source\",\n \"hasPermissions\": true,\n \"revocable\": true\n }\n }\n]" + }, + { + "id": "b0b7b200-f30d-4afc-9048-cdf7385655d1", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-summaries/:type?limit=250&offset=0&count=true&filters=access.id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-summaries", + ":type" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**completed**: *eq, ne*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "access.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.name**", + "key": "sorters", + "value": "access.name" + } + ], + "variable": [ + { + "key": "id" + }, + { + "key": "type" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "b234a0b6-c148-47b8-b9ee-fc987eb0b783", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-summaries/:type?limit=250&offset=0&count=true&filters=access.id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-summaries", + ":type" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**completed**: *eq, ne*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "access.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.name**", + "key": "sorters", + "value": "access.name" + } + ], + "variable": [ + { + "key": "id" + }, + { + "key": "type" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "9b928c10-32ed-4b7d-be03-d10b8021bd27", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-summaries/:type?limit=250&offset=0&count=true&filters=access.id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-summaries", + ":type" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**completed**: *eq, ne*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "access.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.name**", + "key": "sorters", + "value": "access.name" + } + ], + "variable": [ + { + "key": "id" + }, + { + "key": "type" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "862d28c9-82dd-4a73-bc2f-81a71259edcb", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-summaries/:type?limit=250&offset=0&count=true&filters=access.id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-summaries", + ":type" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**completed**: *eq, ne*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "access.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.name**", + "key": "sorters", + "value": "access.name" + } + ], + "variable": [ + { + "key": "id" + }, + { + "key": "type" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "1a313c48-6787-4a78-84e6-b0260beaec84", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-summaries/:type?limit=250&offset=0&count=true&filters=access.id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-summaries", + ":type" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**completed**: *eq, ne*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "access.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.name**", + "key": "sorters", + "value": "access.name" + } + ], + "variable": [ + { + "key": "id" + }, + { + "key": "type" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "7e8aaab6-af04-48d0-a40b-442eb8efad95", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/access-summaries/:type?limit=250&offset=0&count=true&filters=access.id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=access.name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "access-summaries", + ":type" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**completed**: *eq, ne*\n\n**access.id**: *eq, in*\n\n**access.name**: *eq, sw*\n\n**entitlement.sourceName**: *eq, sw*\n\n**accessProfile.sourceName**: *eq, sw*", + "key": "filters", + "value": "access.id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **access.name**", + "key": "sorters", + "value": "access.name" + } + ], + "variable": [ + { + "key": "id" + }, + { + "key": "type" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Summary for Identity", + "id": "914f790a-bfe5-4d44-99b8-f2ce3b6ad993", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summary/:identitySummaryId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summary", + ":identitySummaryId" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "key": "identitySummaryId", + "value": "2c91808772a504f50172a9540e501ba8" + } + ] + }, + "description": "This API returns the summary for an identity on a specified identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API." + }, + "response": [ + { + "id": "d12b35a0-4247-4adf-a4f6-c709a9d49f70", + "name": "An identity summary", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summary/:identitySummaryId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summary", + ":identitySummaryId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "identitySummaryId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c91808772a504f50172a9540e501ba7\",\n \"name\": \"Alison Ferguso\",\n \"identityId\": \"2c9180857182306001719937377a33de\",\n \"completed\": true\n}" + }, + { + "id": "91e274b2-9e10-4bb0-b055-7548f01dbefd", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summary/:identitySummaryId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summary", + ":identitySummaryId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "identitySummaryId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "ecefff8e-8a82-4fa0-9d71-ca1996e2b763", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summary/:identitySummaryId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summary", + ":identitySummaryId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "identitySummaryId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "8918abbb-e205-4e5d-a0f0-9db01945ae59", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summary/:identitySummaryId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summary", + ":identitySummaryId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "identitySummaryId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "41e1241b-ea00-4fcb-a422-30e136a1d547", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summary/:identitySummaryId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summary", + ":identitySummaryId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "identitySummaryId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "93e0e04c-6d3d-46a6-88d6-e5c5bd209fd2", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summary/:identitySummaryId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summary", + ":identitySummaryId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "identitySummaryId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "e87307b1-38a0-498e-b39d-7cd891388c5e", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/certifications/:id/identity-summary/:identitySummaryId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "certifications", + ":id", + "identity-summary", + ":identitySummaryId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "identitySummaryId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "f2cc6a99-96e2-4b73-bef2-2029c2d90153", + "description": "Use this API to implement certification summary functionality. \nWith this functionality in place, administrators and designated certification reviewers can review summaries of identity certification campaigns and draw conclusions about the campaigns' scope, security, and effectiveness. \nImplementing certification summary functionality improves organizations' ability to review their [certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) and helps them satisfy audit and regulatory requirements by enabling them to trace access changes and the decisions made in their review processes. \n\nA certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. \nThese certifications serve as a way of showing that a user's access has been reviewed and approved. \nMultiple certifications by different reviewers are often required to approve a user's access. \nA set of multiple certifications is called a certification campaign. \n\nFor example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. \nOnce this certification has been completed, IdentityNow would provision all the access the user needs, nothing more. \n\nCertification summaries provide information about identity certification campaigns such as the identities involved, the number of decisions made, and the access changed. \nFor example, an administrator or designated certification reviewer can examine the Manager Certification campaign to get an overview of how many entitlement decisions are made in that campaign as opposed to role decisions, which identities would be affected by changes to the campaign, and how those identities' access would be affected. \n" + }, + { + "name": "Lifecycle States", + "item": [ + { + "name": "Set Lifecycle State", + "id": "a96cdc5b-a4c9-48e1-b872-43b80ec6cae4", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"lifecycleStateId\": \"2c9180877a86e408017a8c19fefe046c\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identities/:identity-id/set-lifecycle-state", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identities", + ":identity-id", + "set-lifecycle-state" + ], + "variable": [ + { + "key": "identity-id", + "value": "2c9180857893f1290178944561990364" + } + ] + }, + "description": "This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding Identity Profile.\nA token with ORG_ADMIN or API authority is required to call this API." + }, + "response": [ + { + "id": "592198e2-2716-4f02-8a69-80511f283b07", + "name": "The request was successfully accepted into the system.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"lifecycleStateId\": \"2c9180877a86e408017a8c19fefe046c\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identities/:identity-id/set-lifecycle-state", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identities", + ":identity-id", + "set-lifecycle-state" + ], + "variable": [ + { + "key": "identity-id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"accountActivityId\": \"2c9180837ab5b716017ab7c6c9ef1e20\"\n}" + }, + { + "id": "cb4c181a-9048-45ef-9cea-7f9687483c2e", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"lifecycleStateId\": \"2c9180877a86e408017a8c19fefe046c\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identities/:identity-id/set-lifecycle-state", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identities", + ":identity-id", + "set-lifecycle-state" + ], + "variable": [ + { + "key": "identity-id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "f71974ec-f3c2-447a-bf50-bf1d6ab51812", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"lifecycleStateId\": \"2c9180877a86e408017a8c19fefe046c\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identities/:identity-id/set-lifecycle-state", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identities", + ":identity-id", + "set-lifecycle-state" + ], + "variable": [ + { + "key": "identity-id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "8b85d95a-f5fc-4201-9774-2851f9a6b8b9", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"lifecycleStateId\": \"2c9180877a86e408017a8c19fefe046c\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identities/:identity-id/set-lifecycle-state", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identities", + ":identity-id", + "set-lifecycle-state" + ], + "variable": [ + { + "key": "identity-id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "8a6753ec-c6ed-4219-8368-0b10a3172201", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"lifecycleStateId\": \"2c9180877a86e408017a8c19fefe046c\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identities/:identity-id/set-lifecycle-state", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identities", + ":identity-id", + "set-lifecycle-state" + ], + "variable": [ + { + "key": "identity-id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "d8f08025-86b1-40ac-9591-493d56a6f4a9", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"lifecycleStateId\": \"2c9180877a86e408017a8c19fefe046c\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identities/:identity-id/set-lifecycle-state", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identities", + ":identity-id", + "set-lifecycle-state" + ], + "variable": [ + { + "key": "identity-id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "9250adc4-b4cf-4fd7-91bf-482638a710ec", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"lifecycleStateId\": \"2c9180877a86e408017a8c19fefe046c\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identities/:identity-id/set-lifecycle-state", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identities", + ":identity-id", + "set-lifecycle-state" + ], + "variable": [ + { + "key": "identity-id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Lists LifecycleStates", + "id": "e367f965-9eb7-49f3-94e0-fce3ccae3c14", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states?limit=250&offset=0&count=true&sorters=created,modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created,modified" + } + ], + "variable": [ + { + "key": "identity-profile-id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This end-point lists all the LifecycleStates associated with IdentityProfiles.\nA token with API, or ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "44bcca4c-3370-411c-a09a-7e27505d7ff4", + "name": "List of LifecycleState objects", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states?limit=250&offset=0&count=true&sorters=created,modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created,modified" + } + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n]" + }, + { + "id": "ad2801ad-cd52-40af-89b0-17505f2a477c", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states?limit=250&offset=0&count=true&sorters=created,modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created,modified" + } + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "bd3d97a7-9591-4279-8e31-e8d534034ef5", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states?limit=250&offset=0&count=true&sorters=created,modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created,modified" + } + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "7696d022-70c2-48a8-b6f0-fc6342b99825", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states?limit=250&offset=0&count=true&sorters=created,modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created,modified" + } + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "750db3a0-a5b7-4371-8c71-46ddc09002d1", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states?limit=250&offset=0&count=true&sorters=created,modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created,modified" + } + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "898058fb-c74c-4ad9-9167-f1d370a7d014", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states?limit=250&offset=0&count=true&sorters=created,modified", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created,modified" + } + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create Lifecycle State", + "id": "aacbc4d4-228e-49cf-be41-4babfcce9776", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "variable": [ + { + "key": "identity-profile-id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API creates a new Lifecycle State.\nA token with ORG_ADMIN or API authority is required to call this API." + }, + "response": [ + { + "id": "1a13f0f5-a8c9-4fa8-b4a8-2aff72961f9f", + "name": "Created LifecycleState object.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Created", + "code": 201, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n}" + }, + { + "id": "454bc4a9-8707-400f-a781-745dd059f08f", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "4a4c76bb-70d4-4538-9eed-c2299807eb84", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "a10e1b35-9992-4d8e-8e05-f3d447c8702d", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "280ae468-95d9-44ad-bdcb-8e4cc6daef7a", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "fb162b10-53cb-423a-99f9-328844332e1e", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Retrieves Lifecycle State", + "id": "adca8d04-8806-4777-81d9-be7340d64372", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id", + "value": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + { + "key": "lifecycle-state-id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This endpoint retrieves a Lifecycle State.\nA token with ORG_ADMIN or API authority is required to call this API." + }, + "response": [ + { + "id": "b456b3cc-0e67-4693-87fc-05db433d66e7", + "name": "The requested LifecycleState was successfully retrieved.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n}" + }, + { + "id": "6aad5aa9-4197-4ab6-9c06-f5c40d1bdfb4", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5f0f0b31-aa25-40d5-b301-9e06591b342f", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "3ff330ec-8e00-45d1-b765-5af042e8550a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "fafc33d1-1b72-41ea-b990-9116dbcd9f3f", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "cf7c9933-c8c0-4620-9e92-8e641038d9c4", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "c9b06e09-9952-4b40-b753-76f6650d8d32", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update Lifecycle State", + "id": "6f608166-b849-4276-b03f-4df639c7adda", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"Updated description!\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accessProfileIds\",\n \"value\": [\n \"2c918087742bab150174407a80f3125e\",\n \"2c918087742bab150174407a80f3124f\"\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accountActions\",\n \"value\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c9180846a2f82fb016a481c1b1560c5\",\n \"2c9180846a2f82fb016a481c1b1560cc\"\n ]\n },\n {\n \"action\": \"DISABLE\",\n \"sourceIds\": [\n \"2c91808869a0c9980169a207258513fb\"\n ]\n }\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/emailNotificationOption\",\n \"value\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": false,\n \"notifySpecificUsers\": false,\n \"emailAddressList\": []\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id", + "value": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + { + "key": "lifecycle-state-id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This endpoint updates individual Lifecycle State fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\nA token with ORG_ADMIN or API authority is required to call this API." + }, + "response": [ + { + "id": "12806984-bd99-4ac4-b96f-f67ec30cefe3", + "name": "The LifecycleState was successfully updated.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"Updated description!\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accessProfileIds\",\n \"value\": [\n \"2c918087742bab150174407a80f3125e\",\n \"2c918087742bab150174407a80f3124f\"\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accountActions\",\n \"value\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c9180846a2f82fb016a481c1b1560c5\",\n \"2c9180846a2f82fb016a481c1b1560cc\"\n ]\n },\n {\n \"action\": \"DISABLE\",\n \"sourceIds\": [\n \"2c91808869a0c9980169a207258513fb\"\n ]\n }\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/emailNotificationOption\",\n \"value\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": false,\n \"notifySpecificUsers\": false,\n \"emailAddressList\": []\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"aName\",\n \"technicalName\": \"Technical Name\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"enabled\": true,\n \"description\": \"Lifecycle description\",\n \"identityCount\": 42,\n \"emailNotificationOption\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": true,\n \"notifySpecificUsers\": true,\n \"emailAddressList\": [\n \"test@test.com\",\n \"test2@test.com\"\n ]\n },\n \"accountActions\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n },\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n }\n ],\n \"accessProfileIds\": [\n \"2c918084660f45d6016617daa9210584\",\n \"2c918084660f45d6016617daa9210500\"\n ]\n}" + }, + { + "id": "b8b23043-0c84-4429-81c0-e54f14b4097d", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"Updated description!\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accessProfileIds\",\n \"value\": [\n \"2c918087742bab150174407a80f3125e\",\n \"2c918087742bab150174407a80f3124f\"\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accountActions\",\n \"value\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c9180846a2f82fb016a481c1b1560c5\",\n \"2c9180846a2f82fb016a481c1b1560cc\"\n ]\n },\n {\n \"action\": \"DISABLE\",\n \"sourceIds\": [\n \"2c91808869a0c9980169a207258513fb\"\n ]\n }\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/emailNotificationOption\",\n \"value\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": false,\n \"notifySpecificUsers\": false,\n \"emailAddressList\": []\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "08bcf3b1-cf6c-4a3b-9a97-10444c692709", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"Updated description!\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accessProfileIds\",\n \"value\": [\n \"2c918087742bab150174407a80f3125e\",\n \"2c918087742bab150174407a80f3124f\"\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accountActions\",\n \"value\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c9180846a2f82fb016a481c1b1560c5\",\n \"2c9180846a2f82fb016a481c1b1560cc\"\n ]\n },\n {\n \"action\": \"DISABLE\",\n \"sourceIds\": [\n \"2c91808869a0c9980169a207258513fb\"\n ]\n }\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/emailNotificationOption\",\n \"value\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": false,\n \"notifySpecificUsers\": false,\n \"emailAddressList\": []\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "11cb36e7-e9e5-45ce-a85f-33ab684daede", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"Updated description!\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accessProfileIds\",\n \"value\": [\n \"2c918087742bab150174407a80f3125e\",\n \"2c918087742bab150174407a80f3124f\"\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accountActions\",\n \"value\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c9180846a2f82fb016a481c1b1560c5\",\n \"2c9180846a2f82fb016a481c1b1560cc\"\n ]\n },\n {\n \"action\": \"DISABLE\",\n \"sourceIds\": [\n \"2c91808869a0c9980169a207258513fb\"\n ]\n }\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/emailNotificationOption\",\n \"value\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": false,\n \"notifySpecificUsers\": false,\n \"emailAddressList\": []\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "fcc3e2ab-8611-4e27-aad1-71bde0f1fd4a", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"Updated description!\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accessProfileIds\",\n \"value\": [\n \"2c918087742bab150174407a80f3125e\",\n \"2c918087742bab150174407a80f3124f\"\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accountActions\",\n \"value\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c9180846a2f82fb016a481c1b1560c5\",\n \"2c9180846a2f82fb016a481c1b1560cc\"\n ]\n },\n {\n \"action\": \"DISABLE\",\n \"sourceIds\": [\n \"2c91808869a0c9980169a207258513fb\"\n ]\n }\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/emailNotificationOption\",\n \"value\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": false,\n \"notifySpecificUsers\": false,\n \"emailAddressList\": []\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "65cc5f7a-1c0d-46d7-a223-576c5d90b505", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"Updated description!\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accessProfileIds\",\n \"value\": [\n \"2c918087742bab150174407a80f3125e\",\n \"2c918087742bab150174407a80f3124f\"\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accountActions\",\n \"value\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c9180846a2f82fb016a481c1b1560c5\",\n \"2c9180846a2f82fb016a481c1b1560cc\"\n ]\n },\n {\n \"action\": \"DISABLE\",\n \"sourceIds\": [\n \"2c91808869a0c9980169a207258513fb\"\n ]\n }\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/emailNotificationOption\",\n \"value\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": false,\n \"notifySpecificUsers\": false,\n \"emailAddressList\": []\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "e1e92cdc-a1f5-400b-ba92-776e44a6d22b", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"Updated description!\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accessProfileIds\",\n \"value\": [\n \"2c918087742bab150174407a80f3125e\",\n \"2c918087742bab150174407a80f3124f\"\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/accountActions\",\n \"value\": [\n {\n \"action\": \"ENABLE\",\n \"sourceIds\": [\n \"2c9180846a2f82fb016a481c1b1560c5\",\n \"2c9180846a2f82fb016a481c1b1560cc\"\n ]\n },\n {\n \"action\": \"DISABLE\",\n \"sourceIds\": [\n \"2c91808869a0c9980169a207258513fb\"\n ]\n }\n ]\n },\n {\n \"op\": \"replace\",\n \"path\": \"/emailNotificationOption\",\n \"value\": {\n \"notifyManagers\": true,\n \"notifyAllAdmins\": false,\n \"notifySpecificUsers\": false,\n \"emailAddressList\": []\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Lifecycle State by ID", + "id": "f3363350-d48b-43a3-8e35-7c8f284450ba", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id", + "value": "2b838de9-db9b-abcf-e646-d4f274ad4238" + }, + { + "key": "lifecycle-state-id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This endpoint deletes the Lifecycle State using it's ID.\nA token with API, or ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "223a491c-d191-4d26-8857-2a157a4fa1cb", + "name": "The request was successfully accepted into the system.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n}" + }, + { + "id": "4be3a2b2-8c24-4e5f-8abd-5c1347dae93e", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "7a0eae5d-e063-4625-9128-02aabcb58402", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0f415661-d1b3-49a5-bb32-05f825489371", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "386cbbaf-55d8-4b27-971a-e272c76ef278", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "e28f5920-4493-45a8-899e-3ac7e86d81c6", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "866e44aa-72d0-4825-8aeb-74926b27013b", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/lifecycle-states/:lifecycle-state-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "lifecycle-states", + ":lifecycle-state-id" + ], + "variable": [ + { + "key": "identity-profile-id" + }, + { + "key": "lifecycle-state-id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "5f0e2788-f681-4b7d-ab44-34c78ffae932", + "description": "Use this API to implement and customize lifecycle state functionality.\nWith this functionality in place, administrators can create and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have.\n\nA lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with IdentityNow: 'Active' and 'Inactive.' \nWhen an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes. \nThe inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored. \nThis saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc. \n\nAdministrators can create a variety of custom lifecycle states. Refer to [Planning New Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#planning-new-lifecycle-states) for some custom lifecycle state ideas.\n\nAdministrators must define the criteria for being in each lifecycle state, and they must define how IdentityNow manages users' access to apps and sources for each lifecycle state.\n\nIn IdentityNow, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to either select the lifecycle state they want to modify or create a new lifecycle state. \n\nIn the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state: \n\n- Enable/disable the lifecycle state for the identity profile.\n\n- Enable/disable source accounts for the identity profile's lifecycle state.\n\n- Add existing access profiles to grant to the identity profiles in that lifecycle state.\n\n- Create a new access profile to grant to the identity profile in that lifecycle state.\n\nAccess profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state. \nTo maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state. \nFor example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states.\n\nDuring scheduled refreshes, IdentityNow evaluates lifFecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles. \nIf the identities are missing access, IdentityNow provisions that access. \n\nAdministrators can also use the 'Provisioning' tab to configure email notifications for IdentityNow to send whenever an identity with that identity profile has a lifecycle state change. \nRefer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so.\n\nAn identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.' \nRefer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses. \n\nRefer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states.\n" + }, + { + "name": "Identity Profiles", + "item": [ + { + "name": "Identity Profiles List", + "id": "e2cefd7e-3490-4d9a-bb9f-6f3db2843881", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + }, + "description": "This returns a list of Identity Profiles based on the specified query parameters.\nA token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles." + }, + "response": [ + { + "id": "e8847256-ab12-47ab-86b3-4139f02310d8", + "name": "List of identityProfiles.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n },\n {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n]" + }, + { + "id": "caff0f2d-73f3-49af-88ca-a99ba1b295b0", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "b33c52fd-8746-4f63-a415-ce764b704adf", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "5c8f04ae-094b-459e-8599-4c24d316c284", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "df2b901f-d980-4103-bf05-46194df412e2", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "2d0b8f9e-1120-4df1-be5c-b078b931b856", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Export Identity Profiles", + "id": "e96bd705-6dbb-4e6d-8e87-40b9aa7bbfc4", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/export?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "export" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + }, + "description": "This exports existing identity profiles in the format specified by the sp-config service." + }, + "response": [ + { + "id": "d3d66600-0aa6-4f2a-8815-743d8acc99c1", + "name": "List of export objects with identity profiles.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/export?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "export" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n },\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n }\n]" + }, + { + "id": "3dfda1f1-0914-4af5-9518-fd17e23d1387", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/export?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "export" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "3d1a00e2-dd02-4f9e-9eb6-9193988432a5", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/export?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "export" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "ade4f601-706a-4795-89d1-ad746a999929", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/export?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "export" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "d6d2a011-37bd-4e69-ae13-2ccfaae9c506", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/export?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "export" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "e275f069-4277-4fb6-b32d-368892ba6e5c", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/export?limit=250&offset=0&count=true&filters=id eq \"ef38f94347e94562b5bb8424a56397d8\"&sorters=id,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "export" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, ne*\n\n**name**: *eq, ne*\n\n**priority**: *eq, ne*", + "key": "filters", + "value": "id eq \"ef38f94347e94562b5bb8424a56397d8\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **priority**", + "key": "sorters", + "value": "id,name" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Import Identity Profiles", + "id": "91d50b5e-078c-415f-b562-1c087a7a330d", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n },\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/import", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "import" + ] + }, + "description": "This imports previously exported identity profiles." + }, + "response": [ + { + "id": "79747a87-e73f-4772-8844-b17fade3d2df", + "name": "The result of importing Identity Profiles.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n },\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/import", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "import" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"infos\": [\n {\n \"key\": \"UNKNOWN_REFERENCE_RESOLVER\",\n \"text\": \"Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]\",\n \"details\": {\n \"details\": \"message details\"\n }\n },\n {\n \"key\": \"UNKNOWN_REFERENCE_RESOLVER\",\n \"text\": \"Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]\",\n \"details\": {\n \"details\": \"message details\"\n }\n }\n ],\n \"warnings\": [\n {\n \"key\": \"UNKNOWN_REFERENCE_RESOLVER\",\n \"text\": \"Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]\",\n \"details\": {\n \"details\": \"message details\"\n }\n },\n {\n \"key\": \"UNKNOWN_REFERENCE_RESOLVER\",\n \"text\": \"Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]\",\n \"details\": {\n \"details\": \"message details\"\n }\n }\n ],\n \"errors\": [\n {\n \"key\": \"UNKNOWN_REFERENCE_RESOLVER\",\n \"text\": \"Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]\",\n \"details\": {\n \"details\": \"message details\"\n }\n },\n {\n \"key\": \"UNKNOWN_REFERENCE_RESOLVER\",\n \"text\": \"Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]\",\n \"details\": {\n \"details\": \"message details\"\n }\n }\n ],\n \"importedObjects\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n }\n ]\n}" + }, + { + "id": "3597ab19-0c55-43fd-a219-2a68a51832f9", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n },\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/import", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "import" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "47c8d74b-d17e-4226-ae24-2167876de571", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n },\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/import", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "import" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "7471d285-bf13-4cd6-a7e1-605ab500980f", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n },\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/import", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "import" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "4c8aecf2-f5dc-4c2a-a1d5-1bd1bd362338", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n },\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/import", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "import" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "1e0bcddf-a0dc-40c1-b25b-7b0e740bf57a", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n },\n {\n \"version\": 1,\n \"self\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"object\": {\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/identity-profiles/import", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + "import" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get single Identity Profile", + "id": "4e8fb79e-23c9-48bf-8b13-ed6a1b28dd47", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id" + ], + "variable": [ + { + "key": "identity-profile-id", + "value": "2b838de9-db9b-abcf-e646-d4f274ad4238" + } + ] + }, + "description": "This returns a single Identity Profile based on ID.\nA token with ORG_ADMIN or API authority is required to call this API." + }, + "response": [ + { + "id": "bed73a76-8f3b-4a5f-bdec-c5f07c0d6ca1", + "name": "An Identity Profile object.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"authoritativeSource\": {\n \"type\": \"SOURCE\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"HR Active Directory\"\n },\n \"name\": \"aName\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"description\": \"My custom flat file profile\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180835d191a86015d28455b4b232a\",\n \"name\": \"William Wilson\"\n },\n \"priority\": 10,\n \"identityRefreshRequired\": true,\n \"identityCount\": 8,\n \"identityAttributeConfig\": {\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n },\n \"identityExceptionReportReference\": {\n \"taskResultId\": \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"reportName\": \"My annual report\"\n },\n \"hasTimeBasedAttr\": true\n}" + }, + { + "id": "56fc1431-5e13-4a70-bd3c-b16b90b9ddd2", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "7e59bc66-3119-476e-84d2-b6e9025aa0fb", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0832516e-f349-4731-8eca-cc5001371d04", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "be65d44d-9125-482b-b921-1815bcd0e757", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "848673e8-3f39-455f-8c77-b285776bf7ed", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "0041fd98-b468-46bc-b601-5f9c0d8dbb20", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get default Identity Attribute Config", + "id": "f1524eb3-6120-40c4-b58d-e52f26e9e71d", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/default-identity-attribute-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "default-identity-attribute-config" + ], + "variable": [ + { + "key": "identity-profile-id", + "value": "2b838de9-db9b-abcf-e646-d4f274ad4238" + } + ] + }, + "description": "This returns the default identity attribute config.\nA token with ORG_ADMIN authority is required to call this API to get the default identity attribute config." + }, + "response": [ + { + "id": "8023ced9-2f08-4654-b78d-77e3b65a9f28", + "name": "An Identity Attribute Config object.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/default-identity-attribute-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "default-identity-attribute-config" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"enabled\": true,\n \"attributeTransforms\": [\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n },\n {\n \"identityAttributeName\": \"email\",\n \"transformDefinition\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"e-mail\",\n \"sourceName\": \"MySource\",\n \"sourceId\": \"2c9180877a826e68017a8c0b03da1a53\"\n }\n }\n }\n ]\n}" + }, + { + "id": "f768c7ed-ee58-46e4-a2cd-4a4284e6bbc3", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/default-identity-attribute-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "default-identity-attribute-config" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "eab340d1-df12-4a14-adf2-13240f2af978", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/default-identity-attribute-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "default-identity-attribute-config" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "1619ec80-7553-4485-a7b1-ccaa269fbcfd", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/default-identity-attribute-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "default-identity-attribute-config" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "a17ec487-1b15-44a2-a6af-936868c54bac", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/default-identity-attribute-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "default-identity-attribute-config" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "bc7829cf-2905-44ea-8e92-5d799080e524", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/default-identity-attribute-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "default-identity-attribute-config" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "04fab63c-00e4-44c3-b917-d3a450b1dbc8", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/identity-profiles/:identity-profile-id/default-identity-attribute-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "identity-profiles", + ":identity-profile-id", + "default-identity-attribute-config" + ], + "variable": [ + { + "key": "identity-profile-id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "cc9a3bdb-02d4-43bd-bda6-8c86ad63477b", + "description": "Use this API to implement identity profile functionality. \nWith this functionality in place, administrators can view identity profiles and their configurations. \n\nIdentity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes. \n\nIn IdentityNow, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles. \nThis list shows some details about each identity profile, along with its status. \nThey can select an identity profile to view its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings. \n\nRefer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles.\n" + }, + { + "name": "Non-Employee Lifecycle Management", + "item": [ + { + "name": "Create Non-Employee Record", + "id": "5ee37fac-6abd-4c7a-8827-1c535048cd3f", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ] + }, + "description": "This request will create a non-employee record.\nRequires role context of `idn:nesr:create`" + }, + "response": [ + { + "id": "a5c271e7-7ad2-4c59-acb6-27fdf8880ff0", + "name": "Created non-employee record.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"accountName\": \"Abby.Smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"startDate\": \"2019-08-23T18:52:59.162Z\",\n \"endDate\": \"2020-08-23T18:52:59.162Z\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n}" + }, + { + "id": "a5151754-ee15-4907-b342-b7d5d1746c2b", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5060b154-007f-471f-ad7a-39ed8c931623", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "2ef38a86-3aa0-497a-9cb5-83471a63a011", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "0b9367f1-c278-42d5-85e0-6af89c434e5f", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "a32e7d8e-5232-4196-83c1-e6494d2d9c8c", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "List Non-Employee Records", + "id": "3f569c9f-bc6b-4706-a421-73fc130531fd", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records?limit=250&offset=0&count=true&sorters=accountName,sourceId&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**", + "key": "sorters", + "value": "accountName,sourceId" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + }, + "description": "This gets a list of non-employee records. There are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees.\n 2. The user is an account manager, in which case they can get a list of the non-employees that they manage." + }, + "response": [ + { + "id": "0c0028b5-32a6-4b27-81d9-ec7fcaccf604", + "name": "Non-Employee record objects", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records?limit=250&offset=0&count=true&sorters=accountName,sourceId&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**", + "key": "sorters", + "value": "accountName,sourceId" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"accountName\": \"Abby.Smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"startDate\": \"2019-08-23T18:52:59.162Z\",\n \"endDate\": \"2020-08-23T18:52:59.162Z\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n },\n {\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"accountName\": \"Abby.Smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"startDate\": \"2019-08-23T18:52:59.162Z\",\n \"endDate\": \"2020-08-23T18:52:59.162Z\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n }\n]" + }, + { + "id": "839e5b0b-0138-4cb0-a1d1-7f7757ff97c5", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records?limit=250&offset=0&count=true&sorters=accountName,sourceId&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**", + "key": "sorters", + "value": "accountName,sourceId" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "a8f1444b-2484-42c4-a25b-98c9967ef83b", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records?limit=250&offset=0&count=true&sorters=accountName,sourceId&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**", + "key": "sorters", + "value": "accountName,sourceId" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "6be0a703-f0b6-488a-9dc5-4b1e3874a09b", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records?limit=250&offset=0&count=true&sorters=accountName,sourceId&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**", + "key": "sorters", + "value": "accountName,sourceId" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "a444d546-ea41-4433-8a83-fb3dc40bd525", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records?limit=250&offset=0&count=true&sorters=accountName,sourceId&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**", + "key": "sorters", + "value": "accountName,sourceId" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "06253bfe-e3e8-41a0-b092-ccacb92a8e81", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records?limit=250&offset=0&count=true&sorters=accountName,sourceId&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**", + "key": "sorters", + "value": "accountName,sourceId" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get a Non-Employee Record", + "id": "09dd261d-8b67-4b36-937b-547276f68332", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This gets a non-employee record.\nRequires role context of `idn:nesr:read`" + }, + "response": [ + { + "id": "681925c4-7bae-4e07-afb9-d8f28b6ddd58", + "name": "Non-Employee record object", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"accountName\": \"Abby.Smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"startDate\": \"2019-08-23T18:52:59.162Z\",\n \"endDate\": \"2020-08-23T18:52:59.162Z\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n}" + }, + { + "id": "cafb66b6-13c7-42fe-a028-29cef4761393", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5a4dae82-eb70-4dff-941b-01476cc8355d", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "ed2bb6ab-f804-4403-94a8-b6d93598f955", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "9f633d9d-e5a1-4c79-82b6-ee7e75af22bd", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "8c125a5e-f317-4d4f-96c8-6a09a85396d8", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update Non-Employee Record", + "id": "07f84d33-c94a-4e13-b309-19d42eb7cc99", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This request will update a non-employee record. There are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:update`, in which case they\nupdate all available fields.\n 2. The user is owner of the source, in this case they can only update the\nend date." + }, + "response": [ + { + "id": "f18518e5-6f1c-4ee9-8aeb-18e7a8b33458", + "name": "An updated non-employee record.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"accountName\": \"Abby.Smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"startDate\": \"2019-08-23T18:52:59.162Z\",\n \"endDate\": \"2020-08-23T18:52:59.162Z\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n}" + }, + { + "id": "b78c0777-f790-48b6-bedd-c32e694b63dc", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "1b95a368-0202-4156-8be0-a5c1ec714494", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "e1f71f91-a03b-45ba-883f-cfbf573d2329", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "5ec3a72e-a50c-421e-9868-36d877e73bd7", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "3bbba9f3-67eb-4695-a5a1-b6cde34179c0", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "b835d2cd-cb52-4a73-a895-69f351ba4d3c", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Patch Non-Employee Record", + "id": "b535fae6-c2cf-4d80-a519-4f2122add474", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/endDate\",\n \"value\": \"2019-08-23T18:40:35.772Z\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This request will patch a non-employee record. There are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:update`, in which case they\nupdate all available fields.\n 2. The user is owner of the source, in this case they can only update the\nend date." + }, + "response": [ + { + "id": "f17d0400-fc64-4e81-aeef-c6d19bfb6274", + "name": "A patched non-employee record.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/endDate\",\n \"value\": \"2019-08-23T18:40:35.772Z\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"ef38f94347e94562b5bb8424a56397d8\",\n \"accountName\": \"Abby.Smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"startDate\": \"2019-08-23T18:52:59.162Z\",\n \"endDate\": \"2020-08-23T18:52:59.162Z\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n}" + }, + { + "id": "2a9baa55-0f2e-4b17-837d-a82980a54b1b", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/endDate\",\n \"value\": \"2019-08-23T18:40:35.772Z\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "6341e068-9eb2-42ee-b069-6e2667300b19", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/endDate\",\n \"value\": \"2019-08-23T18:40:35.772Z\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "276b9ecd-a79c-476a-a63d-b09c8791a088", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/endDate\",\n \"value\": \"2019-08-23T18:40:35.772Z\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "8819b85b-8c86-4289-b3b7-6ed13e59ed57", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/endDate\",\n \"value\": \"2019-08-23T18:40:35.772Z\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "40c4da7c-e64c-4068-bbe1-1c9e2622e47e", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/endDate\",\n \"value\": \"2019-08-23T18:40:35.772Z\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "5d4261e7-25b8-4c6d-be5d-404870f0fdd2", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/endDate\",\n \"value\": \"2019-08-23T18:40:35.772Z\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Non-Employee Record", + "id": "bdcae503-5795-4810-96cf-c3086f8c8234", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This request will delete a non-employee record.\nRequires role context of `idn:nesr:delete`" + }, + "response": [ + { + "id": "fa505083-854b-4288-92cc-581e3e63ae59", + "name": "No content - indicates the request was successful but there is no content to be returned in the response.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "16ef6b63-8d88-4df1-9417-6765677b3160", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "54b82ce3-0543-438d-9ccd-93652d51d328", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "80e53daf-19fd-43b4-8e32-acebfaa64442", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "dc07864c-6b47-4e34-be38-83ec530f8390", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "813fc9c5-bc9a-4c05-ad7e-f7685ef77826", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-records/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Multiple Non-Employee Records", + "id": "8ebc9006-7fd2-4889-b06b-ee27582dc4f8", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"ids\": [\n \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"2d838de9-db9b-abcf-e646-d4f274ad4238\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + "bulk-delete" + ] + }, + "description": "This request will delete multiple non-employee records based on the non-employee ids provided. Requires role context of `idn:nesr:delete`" + }, + "response": [ + { + "id": "91d0875f-8e67-4c9d-b835-5b305b592b8c", + "name": "No content - indicates the request was successful but there is no content to be returned in the response.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"ids\": [\n \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"2d838de9-db9b-abcf-e646-d4f274ad4238\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + "bulk-delete" + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "cde66a3e-0fca-4117-977b-a8b298e1c0f5", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"ids\": [\n \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"2d838de9-db9b-abcf-e646-d4f274ad4238\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + "bulk-delete" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "18f0b3f0-3f9b-4707-9fb3-89f402db6f45", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"ids\": [\n \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"2d838de9-db9b-abcf-e646-d4f274ad4238\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + "bulk-delete" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "521bff4a-abdf-4941-97dd-5b2bc2fb3c0c", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"ids\": [\n \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"2d838de9-db9b-abcf-e646-d4f274ad4238\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + "bulk-delete" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "063ecc3f-9fe2-423c-8a1a-d4ea063ef5cf", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"ids\": [\n \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"2d838de9-db9b-abcf-e646-d4f274ad4238\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + "bulk-delete" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "6dd920d0-c25c-42bf-9948-961824de397c", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"ids\": [\n \"2b838de9-db9b-abcf-e646-d4f274ad4238\",\n \"2d838de9-db9b-abcf-e646-d4f274ad4238\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-records/bulk-delete", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-records", + "bulk-delete" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create Non-Employee Request", + "id": "26c0a56b-025b-493e-b2db-c84d8876090f", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ] + }, + "description": "This request will create a non-employee request and notify the approver. Requires role context of `idn:nesr:create` or the user must own the source." + }, + "response": [ + { + "id": "3fe2ff65-56ed-4b11-9ee5-e6dcdb42eac5", + "name": "Non-Employee request creation object", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"nonEmployeeSource\": {\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\"\n },\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"approvalItems\": [\n {\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n },\n {\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n }\n ],\n \"approvalStatus\": \"APPROVED\",\n \"comment\": \"approved\",\n \"completionDate\": \"2020-03-24T11:11:41.139-05:00\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"modified\": \"2020-03-24T11:11:41.139-05:00\",\n \"created\": \"2020-03-24T11:11:41.139-05:00\"\n}" + }, + { + "id": "b20060d4-286f-440e-bea2-5789c7d01088", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en\",\n \"localeOrigin\": \"REQUEST\",\n \"text\": \"firstName is required; accountName is required;\"\n }\n ]\n}" + }, + { + "id": "07e5633d-d9df-4378-a26f-9637f3fac418", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "c45ae902-18a4-4e1a-b12c-ae77fa3abd91", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "7b1d36ef-189f-465c-afaf-5cb95547bbdb", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "28fbf8d8-7365-4d09-87ce-c6ec953c2232", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"data\": {\n \"description\": \"Auditing\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-requests", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "List Non-Employee Requests", + "id": "e903c20e-89b6-4bbe-8773-9a2ca50878ed", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests?limit=250&offset=0&count=true&requested-for=e136567de87e4d029e60b3c3c55db56d&sorters=created,approvalStatus&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "e136567de87e4d029e60b3c3c55db56d" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**", + "key": "sorters", + "value": "created,approvalStatus" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + }, + "description": "This gets a list of non-employee requests. There are two contextual uses for the `requested-for` path parameter:\n 1. The user has the role context of `idn:nesr:read`, in which case he or\nshe may request a list non-employee requests assigned to a particular account manager by passing in that manager's id.\n 2. The current user is an account manager, in which case \"me\" should be\nprovided as the `requested-for` value. This will provide the user with a list of the non-employee requests in the source(s) he or she manages." + }, + "response": [ + { + "id": "befbdd34-1109-41b4-b2a8-932331ccc739", + "name": "List of non-employee request objects.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests?limit=250&offset=0&count=true&requested-for=e136567de87e4d029e60b3c3c55db56d&sorters=created,approvalStatus&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "e136567de87e4d029e60b3c3c55db56d" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**", + "key": "sorters", + "value": "created,approvalStatus" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"nonEmployeeSource\": {\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\"\n },\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"approvalItems\": [\n {\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n },\n {\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n }\n ],\n \"approvalStatus\": \"APPROVED\",\n \"comment\": \"approved\",\n \"completionDate\": \"2020-03-24T11:11:41.139-05:00\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"modified\": \"2020-03-24T11:11:41.139-05:00\",\n \"created\": \"2020-03-24T11:11:41.139-05:00\"\n },\n {\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"nonEmployeeSource\": {\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\"\n },\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"approvalItems\": [\n {\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n },\n {\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n }\n ],\n \"approvalStatus\": \"APPROVED\",\n \"comment\": \"approved\",\n \"completionDate\": \"2020-03-24T11:11:41.139-05:00\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"modified\": \"2020-03-24T11:11:41.139-05:00\",\n \"created\": \"2020-03-24T11:11:41.139-05:00\"\n }\n]" + }, + { + "id": "76460a4f-c963-4d3f-80dc-c026f39e215e", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests?limit=250&offset=0&count=true&requested-for=e136567de87e4d029e60b3c3c55db56d&sorters=created,approvalStatus&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "e136567de87e4d029e60b3c3c55db56d" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**", + "key": "sorters", + "value": "created,approvalStatus" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "cc819372-9380-444a-9217-d92700bc9335", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests?limit=250&offset=0&count=true&requested-for=e136567de87e4d029e60b3c3c55db56d&sorters=created,approvalStatus&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "e136567de87e4d029e60b3c3c55db56d" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**", + "key": "sorters", + "value": "created,approvalStatus" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "f27653af-e9e4-4dd8-8328-0557af78628f", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests?limit=250&offset=0&count=true&requested-for=e136567de87e4d029e60b3c3c55db56d&sorters=created,approvalStatus&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "e136567de87e4d029e60b3c3c55db56d" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**", + "key": "sorters", + "value": "created,approvalStatus" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "2d7e2a4e-73f7-4195-bfcd-76cbd0c8605a", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests?limit=250&offset=0&count=true&requested-for=e136567de87e4d029e60b3c3c55db56d&sorters=created,approvalStatus&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "e136567de87e4d029e60b3c3c55db56d" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**", + "key": "sorters", + "value": "created,approvalStatus" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "7f9e3d00-938d-432f-85dc-5de89fc414e3", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests?limit=250&offset=0&count=true&requested-for=e136567de87e4d029e60b3c3c55db56d&sorters=created,approvalStatus&filters=sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "e136567de87e4d029e60b3c3c55db56d" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**", + "key": "sorters", + "value": "created,approvalStatus" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq \"2c91808568c529c60168cca6f90c1313\"", + "key": "filters", + "value": "sourceId eq \"2c91808568c529c60168cca6f90c1313\"" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get a Non-Employee Request", + "id": "3af60629-637b-4dbc-8b95-15fe42fc5ce9", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ac110005-7156-1150-8171-5b292e3e0084" + } + ] + }, + "description": "This gets a non-employee request.\nThere are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:read`, in this case the user\ncan get the non-employee request for any user.\n 2. The user must be the owner of the non-employee request." + }, + "response": [ + { + "id": "5571d64f-5ce4-43d5-804e-319a1540c66e", + "name": "Non-Employee request object.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"nonEmployeeSource\": {\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\"\n },\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"approvalItems\": [\n {\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n },\n {\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n }\n ],\n \"approvalStatus\": \"APPROVED\",\n \"comment\": \"approved\",\n \"completionDate\": \"2020-03-24T11:11:41.139-05:00\",\n \"startDate\": \"2020-03-24T00:00:00-05:00\",\n \"endDate\": \"2021-03-25T00:00:00-05:00\",\n \"modified\": \"2020-03-24T11:11:41.139-05:00\",\n \"created\": \"2020-03-24T11:11:41.139-05:00\"\n}" + }, + { + "id": "d50d04c5-c976-4557-bbe3-739ca6550a00", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "b829ac7d-6507-4af6-a765-9eaf3649cfc1", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "8854090a-4be4-4c63-86f7-32dcc1d0f525", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "8af3f812-43df-4f0c-8e86-9693429e9159", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "a71cdccf-535d-4d00-a162-19adf7aba441", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "a8ffd38b-d3be-484a-84b2-dd2b8342c875", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Non-Employee Request", + "id": "e3e7f895-39b5-4864-a262-45249f1dd34a", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ac110005-7156-1150-8171-5b292e3e0084" + } + ] + }, + "description": "This request will delete a non-employee request. \nRequires role context of `idn:nesr:delete`" + }, + "response": [ + { + "id": "f7e30eb2-2758-465c-b1d3-d8c162a1ccd6", + "name": "No content - indicates the request was successful but there is no content to be returned in the response.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "097e33bb-37b7-4f1e-8cfc-68ba7f67a11a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "520cd8c8-84af-4d52-b67a-da04bb4f2ebc", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0694d3b7-9ba4-4f27-a70d-bf696f8f74bd", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "059198c6-168f-4a08-bcdb-744e311e9e43", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "71607e3e-46c9-4630-b37d-6e87d82d6bf2", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "de547bee-13b2-4381-b2f1-895b669e30b1", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get Summary of Non-Employee Requests", + "id": "bdd81d52-46aa-4da0-abd8-412eed366712", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for", + "value": "2c91808280430dfb0180431a59440460" + } + ] + }, + "description": "This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter:\n 1. The user has the role context of `idn:nesr:read`, in which case he or\nshe may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id.\n 2. The current user is an account manager, in which case \"me\" should be\nprovided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages." + }, + "response": [ + { + "id": "2ce0906e-d646-4eb3-86ac-d9850b4e1b09", + "name": "Non-Employee request summary object.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"approved\": 2,\n \"rejected\": 2,\n \"pending\": 2,\n \"nonEmployeeCount\": 2\n}" + }, + { + "id": "be3d8e44-0a9e-403d-88e7-eb519e204397", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "26c73995-6968-4271-bf47-6d19fae12e40", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "fb8405d9-5106-4003-b415-1d3037dda1d1", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "91c30f46-fd7a-4121-b56b-1b4020995cfe", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "c99f3e55-5421-4e25-a4fb-834f1018c4dd", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-requests/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-requests", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create Non-Employee Source", + "id": "041de26d-e3da-413e-a919-e63067a4ced1", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"managementWorkgroup\": \"123299\",\n \"approvers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ],\n \"accountManagers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ] + }, + "description": "This request will create a non-employee source. Requires role context of `idn:nesr:create`" + }, + "response": [ + { + "id": "567409d9-6bc0-42a4-b555-d3b9680f56e6", + "name": "Created non-employee source.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"managementWorkgroup\": \"123299\",\n \"approvers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ],\n \"accountManagers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"approvers\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n }\n ],\n \"accountManagers\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n }\n ],\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"cloudExternalId\": \"99999\"\n}" + }, + { + "id": "4e85791e-9133-422a-b7b4-674aad3ef253", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"managementWorkgroup\": \"123299\",\n \"approvers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ],\n \"accountManagers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "70844d5b-cd90-4047-a179-c9e688a8e318", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"managementWorkgroup\": \"123299\",\n \"approvers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ],\n \"accountManagers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "5ba159e5-2411-48fe-9867-6ffc071003b9", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"managementWorkgroup\": \"123299\",\n \"approvers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ],\n \"accountManagers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "d887e152-7444-4809-8eea-5b206e216258", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"managementWorkgroup\": \"123299\",\n \"approvers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ],\n \"accountManagers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "14aa93ab-aec1-4a6d-a38b-5ba40fa5caae", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"owner\": {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"managementWorkgroup\": \"123299\",\n \"approvers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ],\n \"accountManagers\": [\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n },\n {\n \"id\": \"2c91808570313110017040b06f344ec9\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "List Non-Employee Sources", + "id": "5c5ea916-5697-40aa-ac2d-cc39bf2ca911", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources?limit=250&offset=0&count=true&requested-for=me&non-employee-count=true&sorters=name,created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "me" + }, + { + "description": "The flag to determine whether return a non-employee count associate with source.", + "key": "non-employee-count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **name, created**", + "key": "sorters", + "value": "name,created" + } + ] + }, + "description": "This gets a list of non-employee sources. There are two contextual uses for the requested-for path parameter: \n 1. The user has the role context of `idn:nesr:read`, in which case he or\nshe may request a list sources assigned to a particular account manager by passing in that manager's id.\n 2. The current user is an account manager, in which case \"me\" should be\nprovided as the `requested-for` value. This will provide the user with a list of the sources that he or she owns." + }, + "response": [ + { + "id": "4f5a2232-42f7-412f-b9f1-5234184e1b29", + "name": "List of non-employee sources objects.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources?limit=250&offset=0&count=true&requested-for=me&non-employee-count=true&sorters=name,created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "me" + }, + { + "description": "The flag to determine whether return a non-employee count associate with source.", + "key": "non-employee-count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **name, created**", + "key": "sorters", + "value": "name,created" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"approvers\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n }\n ],\n \"accountManagers\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n }\n ],\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"nonEmployeeCount\": 120\n },\n {\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"approvers\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n }\n ],\n \"accountManagers\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n }\n ],\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"nonEmployeeCount\": 120\n }\n]" + }, + { + "id": "e6b06cf5-f080-4b39-9bb2-6b16156a18c7", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources?limit=250&offset=0&count=true&requested-for=me&non-employee-count=true&sorters=name,created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "me" + }, + { + "description": "The flag to determine whether return a non-employee count associate with source.", + "key": "non-employee-count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **name, created**", + "key": "sorters", + "value": "name,created" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "62a3bebb-4521-4bff-b263-d65d8fd0c038", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources?limit=250&offset=0&count=true&requested-for=me&non-employee-count=true&sorters=name,created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "me" + }, + { + "description": "The flag to determine whether return a non-employee count associate with source.", + "key": "non-employee-count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **name, created**", + "key": "sorters", + "value": "name,created" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "979cdd0d-5283-4f02-92e2-ef35e19c82c1", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources?limit=250&offset=0&count=true&requested-for=me&non-employee-count=true&sorters=name,created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "me" + }, + { + "description": "The flag to determine whether return a non-employee count associate with source.", + "key": "non-employee-count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **name, created**", + "key": "sorters", + "value": "name,created" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "d490e163-a149-4b50-ab70-f53ec32fa14f", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources?limit=250&offset=0&count=true&requested-for=me&non-employee-count=true&sorters=name,created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "me" + }, + { + "description": "The flag to determine whether return a non-employee count associate with source.", + "key": "non-employee-count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **name, created**", + "key": "sorters", + "value": "name,created" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "7c58f87b-f8a4-4741-859e-b70d2cdcb6cf", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources?limit=250&offset=0&count=true&requested-for=me&non-employee-count=true&sorters=name,created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "(Required) The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "me" + }, + { + "description": "The flag to determine whether return a non-employee count associate with source.", + "key": "non-employee-count", + "value": "true" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **name, created**", + "key": "sorters", + "value": "name,created" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get a Non-Employee Source", + "id": "8ce2c569-61b2-49a8-b17d-1344f5d30b5d", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c91808b7c28b350017c2a2ec5790aa1" + } + ] + }, + "description": "This gets a non-employee source. There are two contextual uses for the requested-for path parameter: \n 1. The user has the role context of `idn:nesr:read`, in which case he or\nshe may request any source.\n 2. The current user is an account manager, in which case the user can only\nrequest sources that they own." + }, + "response": [ + { + "id": "7117c1d6-d130-48f2-8cdc-957ee3cfab6a", + "name": "Non-Employee source object.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"approvers\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n }\n ],\n \"accountManagers\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n }\n ],\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n}" + }, + { + "id": "08653269-7dcb-4b3e-a6bd-f8057badc94b", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "e11138a9-4267-4255-aa05-e7734ebbc2ae", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "33cb5d7f-d4ff-4867-954e-a138b5e4d39d", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "628edd3b-4cac-489d-8f08-a6cacc756ee0", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "bbcaf4f6-b103-4cce-b5b2-c0c9b2016591", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Patch a Non-Employee Source", + "id": "f2467d90-ba38-4e6e-8930-acf844ed872f", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": {\n \"new name\": null\n }\n },\n {\n \"op\": \"replace\",\n \"path\": \"/approvers\",\n \"value\": [\n \"2c91809f703bb37a017040a2fe8748c7\",\n \"48b1f463c9e8427db5a5071bd81914b8\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId", + "value": "e136567de87e4d029e60b3c3c55db56d" + } + ] + }, + "description": "patch a non-employee source. (partial update)
Patchable field: **name, description, approvers, accountManagers** Requires role context of `idn:nesr:update`." + }, + "response": [ + { + "id": "e5b529c4-6dcc-4913-9896-c2f65fa89963", + "name": "A patched non-employee source object.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": {\n \"new name\": null\n }\n },\n {\n \"op\": \"replace\",\n \"path\": \"/approvers\",\n \"value\": [\n \"2c91809f703bb37a017040a2fe8748c7\",\n \"48b1f463c9e8427db5a5071bd81914b8\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"approvers\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n }\n ],\n \"accountManagers\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n }\n ],\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\"\n}" + }, + { + "id": "3ec917c2-2820-457f-9a4f-1709ca18d72c", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": {\n \"new name\": null\n }\n },\n {\n \"op\": \"replace\",\n \"path\": \"/approvers\",\n \"value\": [\n \"2c91809f703bb37a017040a2fe8748c7\",\n \"48b1f463c9e8427db5a5071bd81914b8\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "8b95d972-bf62-481c-ae6f-56bab78f677a", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": {\n \"new name\": null\n }\n },\n {\n \"op\": \"replace\",\n \"path\": \"/approvers\",\n \"value\": [\n \"2c91809f703bb37a017040a2fe8748c7\",\n \"48b1f463c9e8427db5a5071bd81914b8\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "66295b86-de11-4a60-99d0-544006ee9bee", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": {\n \"new name\": null\n }\n },\n {\n \"op\": \"replace\",\n \"path\": \"/approvers\",\n \"value\": [\n \"2c91809f703bb37a017040a2fe8748c7\",\n \"48b1f463c9e8427db5a5071bd81914b8\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "2e954f89-3962-4e7f-82cd-093dc4407cc8", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": {\n \"new name\": null\n }\n },\n {\n \"op\": \"replace\",\n \"path\": \"/approvers\",\n \"value\": [\n \"2c91809f703bb37a017040a2fe8748c7\",\n \"48b1f463c9e8427db5a5071bd81914b8\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f0168676-bb66-4b7c-8840-0ff400360aaa", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": {\n \"new name\": null\n }\n },\n {\n \"op\": \"replace\",\n \"path\": \"/approvers\",\n \"value\": [\n \"2c91809f703bb37a017040a2fe8748c7\",\n \"48b1f463c9e8427db5a5071bd81914b8\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Non-Employee Source", + "id": "9fc4384e-a904-4fdb-9e39-fba6e778771c", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId", + "value": "e136567de87e4d029e60b3c3c55db56d" + } + ] + }, + "description": "This request will delete a non-employee source. Requires role context of `idn:nesr:delete`." + }, + "response": [ + { + "id": "93c1cf6a-3520-4352-9e78-a61b4daef413", + "name": "No content - indicates the request was successful but there is no content to be returned in the response.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "291d3c7d-16b1-42b0-854c-bd438584f1ac", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5886bacf-3bc8-4b1e-8678-925a2b932c6e", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "9ecff881-fef3-45b0-9337-899625b9f5c5", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "f4b4b3eb-4a4f-48e5-8869-c3d1875f7314", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "491a5c49-fa4b-40cf-a7e4-92e78aabdc21", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Exports Non-Employee Records to CSV", + "id": "75ce1519-7bc3-4e08-a554-94fae2e8099a", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "text/csv" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employees/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employees", + "download" + ], + "variable": [ + { + "key": "id", + "value": "e136567de87e4d029e60b3c3c55db56d" + } + ] + }, + "description": "This requests a CSV download for all non-employees from a provided source. Requires role context of `idn:nesr:read`" + }, + "response": [ + { + "id": "a532aa5d-9b95-4f05-a1a3-7b1834e879b6", + "name": "Exported CSV", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employees/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employees", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "text", + "header": [ + { + "key": "Content-Type", + "value": "text/csv" + } + ], + "cookie": [], + "body": "accountName,firstName,lastName,phone,email,manager,startDate,endDate\nJon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00\nWilliam.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00\n" + }, + { + "id": "84e5829a-a8ea-4c58-b20a-98c17ec06df8", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employees/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employees", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "94255236-4c48-478c-93dd-541df9135a5f", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employees/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employees", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "76a6abe3-f55b-4f93-902f-b35b44f8053e", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employees/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employees", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "322a42c6-85d2-4978-826b-90a983c0833e", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employees/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employees", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "c2fc4c53-0ffc-4142-ad1b-02cd151cdab9", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employees/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employees", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f073302b-1897-4960-a025-d0952bc6f8a3", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employees/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employees", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Imports, or Updates, Non-Employee Records", + "id": "4224bf9c-9418-4e46-9e42-eac93358737d", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "description": "(Required) ", + "key": "data", + "value": "irure", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload" + ], + "variable": [ + { + "key": "id", + "value": "e136567de87e4d029e60b3c3c55db56d" + } + ] + }, + "description": "This post will import, or update, Non-Employee records found in the CSV. Requires role context of `idn:nesr:create`" + }, + "response": [ + { + "id": "76679de1-a19e-4f7c-ad36-e309a02d308a", + "name": "The CSV was accepted to be bulk inserted now or at a later time.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "description": "(Required) ", + "key": "data", + "value": "irure", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c91808568c529c60168cca6f90cffff\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"created\": \"2019-08-23T18:52:59.162Z\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"status\": \"PENDING\"\n}" + }, + { + "id": "aa0d460b-926e-40d8-bba2-8cbf6e5c1e2c", + "name": "Client Error - Returned if the request body is invalid.\nThe response body will contain the list of specific errors with one on each line.\n", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "description": "(Required) ", + "key": "data", + "value": "irure", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "140cad92-987c-4a5c-b8b3-4dd9b7fe5452", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "description": "(Required) ", + "key": "data", + "value": "irure", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "1eaf2c8c-80f5-4aef-b7c5-36a127747517", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "description": "(Required) ", + "key": "data", + "value": "irure", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "2f07780b-5d14-499d-8e4d-7ace7e142d40", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "description": "(Required) ", + "key": "data", + "value": "irure", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "2295b064-f789-45d8-9b74-d17faf956f11", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "description": "(Required) ", + "key": "data", + "value": "irure", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "da3bd550-08b8-4710-baa2-e275b11a36aa", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "description": "(Required) ", + "key": "data", + "value": "irure", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Obtain the status of bulk upload on the source", + "id": "515b66fe-91f7-4ddc-9a77-d83e05da6384", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload/status", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload", + "status" + ], + "variable": [ + { + "key": "id", + "value": "e136567de87e4d029e60b3c3c55db56d" + } + ] + }, + "description": "The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source.\nRequires role context of `idn:nesr:read`\n" + }, + "response": [ + { + "id": "3ee4ec6d-04ec-4794-ba6c-61fadcc27661", + "name": "Status of the newest bulk-upload job, if any.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload/status", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload", + "status" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"status\": \"PENDING\"\n}" + }, + { + "id": "54d31a93-13f3-4a8d-9394-06be3411ba3b", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload/status", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload", + "status" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "efa51f2f-6443-4ff5-9346-20e681f1aaad", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload/status", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload", + "status" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "4b00a7a3-4ec7-45bd-8dd1-127031cd5ca7", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload/status", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload", + "status" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "f9eabc40-7579-4880-ac67-b28707eec4ef", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload/status", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload", + "status" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "1003d93b-2021-49af-8efe-c6e62ed87043", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/non-employee-bulk-upload/status", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "non-employee-bulk-upload", + "status" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Exports Source Schema Template", + "id": "b1f0f11c-98f3-4031-bfd4-3f0a642e3691", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "text/csv" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/schema-attributes-template/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "schema-attributes-template", + "download" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This requests a download for the Source Schema Template for a provided source. Requires role context of `idn:nesr:read`" + }, + "response": [ + { + "id": "52e3ee1f-8955-456e-8dc1-89763d9ff628", + "name": "Exported Source Schema Template", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/schema-attributes-template/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "schema-attributes-template", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "text", + "header": [ + { + "key": "Content-Type", + "value": "text/csv" + } + ], + "cookie": [], + "body": "accountName,firstName,lastName,phone,email,manager,startDate,endDate\n" + }, + { + "id": "7ab9d9a6-7660-445d-ae40-049178244725", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/schema-attributes-template/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "schema-attributes-template", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "535040b8-ba41-4de3-9e24-57ca0f131a25", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/schema-attributes-template/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "schema-attributes-template", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "974e4f30-0733-46b9-978e-15580d1c6713", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/schema-attributes-template/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "schema-attributes-template", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "1dfbffda-b39e-4e59-a147-12e035769574", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/schema-attributes-template/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "schema-attributes-template", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "3a359369-a5f9-47a5-93c9-3a26a29bfd85", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/schema-attributes-template/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "schema-attributes-template", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "e678decb-a4ba-45e8-9485-6055ebdb3716", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:id/schema-attributes-template/download", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":id", + "schema-attributes-template", + "download" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get List of Non-Employee Approval Requests", + "id": "6907c4d3-80f7-498f-9ac4-04240d7af645", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals?requested-for=2c91808280430dfb0180431a59440460&limit=250&offset=0&count=true&filters=approvalStatus eq \"Pending\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals" + ], + "query": [ + { + "description": "The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "2c91808280430dfb0180431a59440460" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq \"PENDING\"", + "key": "filters", + "value": "approvalStatus eq \"Pending\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created" + } + ] + }, + "description": "This gets a list of non-employee approval requests.\nThere are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:read`, in which case they\ncan list the approvals for any approver.\n 2. The user owns the requested approval." + }, + "response": [ + { + "id": "45dcc3fe-143a-4702-add1-b98e7f79ed5a", + "name": "List of approval items.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals?requested-for=2c91808280430dfb0180431a59440460&limit=250&offset=0&count=true&filters=approvalStatus eq \"Pending\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals" + ], + "query": [ + { + "description": "The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "2c91808280430dfb0180431a59440460" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq \"PENDING\"", + "key": "filters", + "value": "approvalStatus eq \"Pending\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"nonEmployeeRequest\": {\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"name\": \"William Smith\"\n }\n }\n },\n {\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"nonEmployeeRequest\": {\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"name\": \"William Smith\"\n }\n }\n }\n]" + }, + { + "id": "b74b9a7b-fdac-40e3-b0e0-4c9dd6e1bde3", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals?requested-for=2c91808280430dfb0180431a59440460&limit=250&offset=0&count=true&filters=approvalStatus eq \"Pending\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals" + ], + "query": [ + { + "description": "The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "2c91808280430dfb0180431a59440460" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq \"PENDING\"", + "key": "filters", + "value": "approvalStatus eq \"Pending\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5cfbb67c-7979-4c6b-8ca6-41ce1126c016", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals?requested-for=2c91808280430dfb0180431a59440460&limit=250&offset=0&count=true&filters=approvalStatus eq \"Pending\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals" + ], + "query": [ + { + "description": "The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "2c91808280430dfb0180431a59440460" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq \"PENDING\"", + "key": "filters", + "value": "approvalStatus eq \"Pending\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "d585c4be-3143-481c-8367-29fb3b8b3951", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals?requested-for=2c91808280430dfb0180431a59440460&limit=250&offset=0&count=true&filters=approvalStatus eq \"Pending\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals" + ], + "query": [ + { + "description": "The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "2c91808280430dfb0180431a59440460" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq \"PENDING\"", + "key": "filters", + "value": "approvalStatus eq \"Pending\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "f8c58fb9-4bac-426f-ae98-a13bfe3d78c2", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals?requested-for=2c91808280430dfb0180431a59440460&limit=250&offset=0&count=true&filters=approvalStatus eq \"Pending\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals" + ], + "query": [ + { + "description": "The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "2c91808280430dfb0180431a59440460" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq \"PENDING\"", + "key": "filters", + "value": "approvalStatus eq \"Pending\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "3fd5559b-5b55-46e5-9395-fc21f7269dd1", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals?requested-for=2c91808280430dfb0180431a59440460&limit=250&offset=0&count=true&filters=approvalStatus eq \"Pending\"&sorters=created", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals" + ], + "query": [ + { + "description": "The identity for whom the request was made. *me* indicates the current user.", + "key": "requested-for", + "value": "2c91808280430dfb0180431a59440460" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq \"PENDING\"", + "key": "filters", + "value": "approvalStatus eq \"Pending\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, modified**", + "key": "sorters", + "value": "created" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get a non-employee approval item detail", + "id": "c3cb0f0a-d53a-45d7-8345-df5b9dff1c82", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id?include-detail=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id" + ], + "query": [ + { + "description": "The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*", + "key": "include-detail", + "value": "true" + } + ], + "variable": [ + { + "key": "id", + "value": "e136567de87e4d029e60b3c3c55db56d" + } + ] + }, + "description": "Gets a non-employee approval item detail. There are two contextual uses for this endpoint:\n 1. The user has the role context of `idn:nesr:read`, in which case they\ncan get any approval.\n 2. The user owns the requested approval." + }, + "response": [ + { + "id": "4091191b-75c0-4437-8999-5cea7fed6622", + "name": "Non-Employee approval item object.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id?include-detail=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id" + ], + "query": [ + { + "description": "The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*", + "key": "include-detail", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"nonEmployeeRequest\": {\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"name\": \"William Smith\"\n },\n \"accountName\": \"william.smith\",\n \"firstName\": \"William\",\n \"lastName\": \"Smith\",\n \"email\": \"william.smith@example.com\",\n \"phone\": \"5555555555\",\n \"manager\": \"jane.doe\",\n \"nonEmployeeSource\": {\n \"id\": \"a0303682-5e4a-44f7-bdc2-6ce6112549c1\",\n \"sourceId\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"Retail\",\n \"description\": \"Source description\",\n \"schemaAttributes\": [\n {\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"system\": true,\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n },\n {\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"system\": true,\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n }\n ]\n },\n \"data\": {\n \"description\": \"Auditing\"\n },\n \"approvalStatus\": \"APPROVED\",\n \"comment\": \"approved\",\n \"completionDate\": \"2020-03-24T11:11:41.139-05:00\",\n \"startDate\": \"2020-03-24\",\n \"endDate\": \"2021-03-25\",\n \"modified\": \"2020-03-24T11:11:41.139-05:00\",\n \"created\": \"2020-03-24T11:11:41.139-05:00\"\n }\n}" + }, + { + "id": "7b9801bd-05a6-423c-8f36-9eb565d96f38", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id?include-detail=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id" + ], + "query": [ + { + "description": "The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*", + "key": "include-detail", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "d579cbc9-b6c1-498b-b6eb-9254389e4fc0", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id?include-detail=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id" + ], + "query": [ + { + "description": "The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*", + "key": "include-detail", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "15323bfc-17cf-416a-8cd2-9d9cc0caa228", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id?include-detail=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id" + ], + "query": [ + { + "description": "The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*", + "key": "include-detail", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "3c14d3e0-5529-4cd9-aa2f-d55e3fea09a1", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id?include-detail=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id" + ], + "query": [ + { + "description": "The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*", + "key": "include-detail", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "9b23d790-5ff6-4ac3-8aec-8b59f876085a", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id?include-detail=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id" + ], + "query": [ + { + "description": "The object nonEmployeeRequest will not be included detail when set to false. *Default value is true*", + "key": "include-detail", + "value": "true" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Approve a Non-Employee Request", + "id": "8a7281ce-ac17-406b-aae2-a38687b35818", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Approved by manager\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "approve" + ], + "variable": [ + { + "key": "id", + "value": "e136567de87e4d029e60b3c3c55db56d" + } + ] + }, + "description": "Approves a non-employee approval request and notifies the next approver. The current user must be the requested approver." + }, + "response": [ + { + "id": "cb2d3dfc-7a03-48df-8ce5-82a94e077c7e", + "name": "Non-Employee approval item object.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Approved by manager\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "approve" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"nonEmployeeRequest\": {\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"name\": \"William Smith\"\n }\n }\n}" + }, + { + "id": "f1ab6a7f-5ef1-46e4-91a2-1b67cdd5e6c3", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Approved by manager\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "approve" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "7598a21a-4365-4355-bbb8-f91368e95815", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Approved by manager\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "approve" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "eec1ee50-4454-462d-8078-8ac929cfb3ef", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Approved by manager\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "approve" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "e95471e4-aff8-44cd-b228-46ef260aa340", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Approved by manager\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "approve" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "6a949d12-dff5-405b-9b94-9ee52a5a415b", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"Approved by manager\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/approve", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "approve" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Reject a Non-Employee Request", + "id": "dfea1b74-97ff-4f55-bcf9-b86146236121", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"approved\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "reject" + ], + "variable": [ + { + "key": "id", + "value": "e136567de87e4d029e60b3c3c55db56d" + } + ] + }, + "description": "This endpoint will reject an approval item request and notify user. The current user must be the requested approver." + }, + "response": [ + { + "id": "9d344463-a719-4b31-8437-c7aad9d8fd80", + "name": "Non-Employee approval item object.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"approved\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "reject" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c1e388b-1e55-4b0a-ab5c-897f1204159c\",\n \"approver\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\"\n },\n \"accountName\": \"test.account\",\n \"approvalStatus\": \"APPROVED\",\n \"approvalOrder\": 1,\n \"comment\": \"I approve\",\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"nonEmployeeRequest\": {\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"requester\": {\n \"type\": \"IDENTITY\",\n \"name\": \"William Smith\"\n }\n }\n}" + }, + { + "id": "cef66924-0679-41ed-b081-75554ccecb08", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"approved\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "reject" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "f0fa058b-c8df-4ab6-a049-7b292524c7b0", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"approved\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "reject" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "236a11fa-c5ff-45eb-a82e-eee29bdd14ef", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"approved\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "reject" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "c87fe446-325f-4a5b-911a-1b201700e0ae", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"approved\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "reject" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "28c73736-0ba7-4db8-9d9d-de27770c34cf", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"comment\": \"approved\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/:id/reject", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + ":id", + "reject" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get Summary of Non-Employee Approval Requests", + "id": "da609902-6ccc-45a3-bde0-45ac79e472d0", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for", + "value": "2c91808280430dfb0180431a59440460" + } + ] + }, + "description": "This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter:\n 1. The user has the role context of `idn:nesr:read`, in which case he or\nshe may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id.\n 2. The current user is an approver, in which case \"me\" should be provided\nas the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her." + }, + "response": [ + { + "id": "4c9d848a-4d73-4b8c-9dad-0f1ca63d1186", + "name": "summary of non-employee approval requests", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"approved\": 2,\n \"pending\": 2,\n \"rejected\": 2\n}" + }, + { + "id": "b2848485-fa95-4a82-ad9c-d0d035462f23", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "1b773289-94f2-47a0-9737-8ed537ebffab", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "12aa353d-0dcc-46f3-b057-587c0a8334b4", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "4ab502cd-9b97-4e9b-87cb-a94a13557322", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "ff5f4a85-7024-4c6c-a04c-fccd651a58ec", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-approvals/summary/:requested-for", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-approvals", + "summary", + ":requested-for" + ], + "variable": [ + { + "key": "requested-for" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "List Schema Attributes Non-Employee Source", + "id": "6a27e81c-4781-41d3-9ddf-2bbc85037a54", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned.\nRequires role context of `idn:nesr:read` or the user must be an account manager of the source." + }, + "response": [ + { + "id": "d03c74fd-24d3-4e35-a7cd-ce1b2e98d28e", + "name": "A list of Schema Attributes", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"system\": true,\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n },\n {\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"system\": true,\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n }\n]" + }, + { + "id": "6ef50de8-63fb-4593-bc92-b2a3775ae1c6", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "7f4835fa-26d1-455f-9ae7-f5c25ceddae9", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "7f4e875b-a5e6-4cd8-8e49-a89afd109464", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "e4c47b39-ec76-42d9-9a9b-c2009d2355a5", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "76ec323d-b8c8-4773-925f-69c721ce1c01", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "e46b9e13-94b1-4d36-9cab-9afffc0806d8", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create a new Schema Attribute for Non-Employee Source", + "id": "4dde6e5f-b036-49c5-b148-645d5009762c", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a \"400.1.409 Reference conflict\" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a \"400.1.4 Limit violation\" response.\nRequires role context of `idn:nesr:create`" + }, + "response": [ + { + "id": "bbafdf43-c7c2-4cca-971d-4c46775d06ea", + "name": "Schema Attribute created.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"system\": true,\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n}" + }, + { + "id": "630d9395-e2c4-42d6-a5e0-b70da2104acb", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5b114b14-2e36-42fe-a53d-41f65784616d", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "5db2b0b5-c2fd-45d5-928c-d90420e8347c", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "25f090ef-9548-41ea-8632-97b01b7b8917", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "b2f66687-50b0-4ca1-8b03-674e8b7105ef", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete all custom schema attributes for Non-Employee Source", + "id": "9d6e3111-8934-4de4-a87d-3e385bbaa6a1", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This end-point deletes all custom schema attributes for a non-employee source. Requires role context of `idn:nesr:delete`" + }, + "response": [ + { + "id": "f06fe8a6-ba9f-4bb5-818e-ee215ce8a10d", + "name": "All custon Schema Attributes were successfully deleted.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "92bf307b-b637-42f9-80f2-51fcc9a0d755", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "0c7b21c0-717b-4d48-8ce4-171facb07f54", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "3309c4b4-a422-49ab-8669-1ac6440b40ee", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "2242f79a-d4e8-4dac-a6ae-5e3538f071af", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "300339be-8be7-409d-a58e-0d24b8184225", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get Schema Attribute Non-Employee Source", + "id": "257b0923-6119-4b83-974a-c46686f9ddae", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId", + "value": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "key": "attributeId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API gets a schema attribute by Id for the specified Non-Employee SourceId. Requires role context of `idn:nesr:read` or the user must be an account manager of the source." + }, + "response": [ + { + "id": "f8d36efe-52fb-47eb-a4dc-9b3d73d17d9f", + "name": "The Schema Attribute", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"system\": true,\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n}" + }, + { + "id": "e9becc68-aa16-42fe-9848-0e6f37bcd304", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "4c72a0b3-e4b7-452c-8df0-690cd90d0c8c", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "50a51c81-a70c-4c96-9221-a9798c8d443a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "ee2f47e8-84bb-4953-b261-dbbf864f26d4", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "d6e7910b-bef9-45f3-9456-f84337e5c48e", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Patch a Schema Attribute for Non-Employee Source", + "id": "fbe0c918-336b-450f-9c60-35d7c727b607", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/label\",\n \"value\": {\n \"new attribute label\": null\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId", + "value": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "key": "attributeId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This end-point patches a specific schema attribute for a non-employee SourceId.\nRequires role context of `idn:nesr:update`\n" + }, + "response": [ + { + "id": "b6b90f8d-28d7-446d-9600-4bce57135619", + "name": "The Schema Attribute was successfully patched.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/label\",\n \"value\": {\n \"new attribute label\": null\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"type\": \"TEXT\",\n \"technicalName\": \"account.name\",\n \"label\": \"Account Name\",\n \"id\": \"ac110005-7156-1150-8171-5b292e3e0084\",\n \"system\": true,\n \"modified\": \"2019-08-23T18:52:59.162Z\",\n \"created\": \"2019-08-23T18:40:35.772Z\",\n \"helpText\": \"The unique identifier for the account\",\n \"placeholder\": \"Enter a unique user name for this account.\",\n \"required\": true\n}" + }, + { + "id": "6af68f11-541f-4e23-a1cc-5c681c1b97d9", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/label\",\n \"value\": {\n \"new attribute label\": null\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5d1de108-3958-485c-a5b9-0794518e7d31", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/label\",\n \"value\": {\n \"new attribute label\": null\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "3086f488-199c-4afa-9908-7e2e13716152", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/label\",\n \"value\": {\n \"new attribute label\": null\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "91246707-62c9-46fe-b5fb-ed0ccbe1b656", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/label\",\n \"value\": {\n \"new attribute label\": null\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "41590099-391e-4493-93dc-f1a0309dfc83", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/label\",\n \"value\": {\n \"new attribute label\": null\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "18caa6d4-f677-432c-8948-4616febac0a4", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/label\",\n \"value\": {\n \"new attribute label\": null\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete a Schema Attribute for Non-Employee Source", + "id": "244ac77f-380a-4e89-bacd-e23c19dcf814", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId", + "value": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "key": "attributeId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This end-point deletes a specific schema attribute for a non-employee source.\nRequires role context of `idn:nesr:delete`\n" + }, + "response": [ + { + "id": "d8e8195a-77dc-410e-99eb-6cc39e167223", + "name": "The Schema Attribute was successfully deleted.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "69301d3a-351f-440d-9791-15d28522ee80", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "ec740f51-248e-48a3-a5d9-4c01f7d40178", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "08d5c818-fafc-4eb1-ae6f-a97601abf80c", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "d22ad743-f942-4a14-a6dd-bb3dd813d7d7", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "5e02d25d-f6a2-4651-9ee0-aa67cfdbfe2d", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/non-employee-sources/:sourceId/schema-attributes/:attributeId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "non-employee-sources", + ":sourceId", + "schema-attributes", + ":attributeId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "attributeId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "67418560-64c0-4b69-82b8-320182135026", + "description": "Use this API to implement non-employee lifecycle management functionality. \nWith this functionality in place, administrators can create non-employee records and configure them for use in their organizations. \nThis allows organizations to provide secure access to non-employees and control that access. \n\nThe 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee. \nOrganizations can track non-employees' access and activity in IdentityNow by creating and maintaining non-employee sources. \nOrganizations can have a maximum of 50 non-employee sources. \n\nBy using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following:\n\n- SailPoint is not responsible for storing sensitive data. \nYou may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in IdentityNow.\n\n- You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts.\n\nTo manage non-employees in IdentityNow, administrators must create a non-employee source and add accounts to the source. \n\nTo create a non-employee source in IdentityNow, administrators must use the Admin panel to go to Connections > Sources.\nThey must then specify 'Non-Employee' in the 'Source Type' field. \nRefer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources.\n\nTo add accounts to a non-employee source in IdentityNow, administrators can select the non-employee source and add the accounts. \nThey can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to. \n\nAdministrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts. \nTo add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file. \nRefer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources.\n\nOnce administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities. \n\nRefer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management.\n" + }, + { + "name": "OAuth Clients", + "item": [ + { + "name": "List OAuth Clients", + "id": "f07aa6da-ef00-45bc-becb-2e80a6f3c61f", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients?filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + }, + "description": "This gets a list of OAuth clients." + }, + "response": [ + { + "id": "716fff99-7c0c-4d3f-b2fa-80e65958542b", + "name": "List of OAuth clients.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients?filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"enabled\": true,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ],\n \"lastUsed\": \"2017-07-11T18:45:37.098Z\"\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"enabled\": true,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ],\n \"lastUsed\": \"2017-07-11T18:45:37.098Z\"\n }\n]" + }, + { + "id": "4c670d2a-029b-481e-adbf-b6afbc5bb288", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients?filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "d6daec8e-5635-492b-be06-d30451ceeb6a", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients?filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "502ea22f-81a3-46e7-b315-3a6b667e7baa", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients?filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "a7f3393c-72e8-4bfb-9bb3-eebce5c533eb", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients?filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "335a7bb9-401e-4628-b999-f5e8be733a5b", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients?filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ], + "query": [ + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create OAuth Client", + "id": "a3dc060a-ee09-46cc-8a89-a2e30c224be4", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"enabled\": true,\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ] + }, + "description": "This creates an OAuth client." + }, + "response": [ + { + "id": "2dcb8aa1-4c15-4d69-bbfd-bca18a4e099f", + "name": "Request succeeded.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"enabled\": true,\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"secret\": \"5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3\",\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"enabled\": true,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ]\n}" + }, + { + "id": "672b4835-729c-456e-b836-53249afb2cc1", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"enabled\": true,\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "fa2bc6cc-8f21-46f5-abcf-dad9511df327", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"enabled\": true,\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "d775e34e-753e-48e1-858e-d63a44d25949", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"enabled\": true,\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "0f851b4e-fe28-4de1-8321-e71eac8c196d", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"enabled\": true,\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f5a68f25-a551-4e1d-bf72-158eae16c569", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"enabled\": true,\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get OAuth Client", + "id": "76ecd385-edd7-44f5-bb9e-ded68297261d", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This gets details of an OAuth client." + }, + "response": [ + { + "id": "9dd357ee-0821-45c7-b58c-ed1fc25aca60", + "name": "Request succeeded.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"enabled\": true,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ],\n \"lastUsed\": \"2017-07-11T18:45:37.098Z\"\n}" + }, + { + "id": "8781d98b-02c8-45ad-99ce-2d370f3ceff9", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "6c3269ed-b4f5-451c-8d84-927748d80a5a", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "f74e7b12-7859-4ea7-a2b6-03dce4760393", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "428a1af4-b89b-498d-9b59-4640259e1926", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "849ae047-95fd-45fc-bbe2-bfd0e3763fe9", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "53b9e43c-faea-4f5b-9e1f-8b4db8e44a1b", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete OAuth Client", + "id": "ad33025e-95ff-461b-830b-d1163258e7a2", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This deletes an OAuth client." + }, + "response": [ + { + "id": "7da179d2-2444-4ccf-b375-a5c397dc3742", + "name": "No content.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "e504e1b4-5d4f-4df8-be5b-61cbe60bb65a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "37945929-1cc6-4baa-9e59-027dbaa5fb5e", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "71eeb5b3-9077-4d86-a4b3-49775983eb6e", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "06804648-4e12-4615-8ed6-ea7fc0a85c5d", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "0ba42f96-f0a2-4eca-b8ce-d8010e256205", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "d162a152-f2f6-41ad-a6af-8271c4b193b1", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Patch OAuth Client", + "id": "ac367ccc-d31f-443f-90d6-eff858d4296c", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/strongAuthSupported\",\n \"value\": \"reprehenderit nostrud mollit officia\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/businessName\",\n \"value\": \"acme-solar\"\n }\n]" + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This performs a targeted update to the field(s) of an OAuth client." + }, + "response": [ + { + "id": "4505d463-b122-471d-947b-07b15dca04c7", + "name": "Indicates the PATCH operation succeeded, and returns the OAuth client's new representation.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/strongAuthSupported\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/businessName\",\n \"value\": \"acme-solar\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"businessName\": \"Acme-Solar\",\n \"homepageUrl\": \"http://localhost:12345\",\n \"name\": \"Demo API Client\",\n \"description\": \"An API client used for the authorization_code, refresh_token, and client_credentials flows\",\n \"accessTokenValiditySeconds\": 750,\n \"refreshTokenValiditySeconds\": 86400,\n \"redirectUris\": [\n \"http://localhost:12345\"\n ],\n \"grantTypes\": [\n \"AUTHORIZATION_CODE\",\n \"CLIENT_CREDENTIALS\",\n \"REFRESH_TOKEN\"\n ],\n \"accessType\": \"OFFLINE\",\n \"type\": \"CONFIDENTIAL\",\n \"internal\": false,\n \"enabled\": true,\n \"strongAuthSupported\": false,\n \"claimsSupported\": false,\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"scope\": [\n \"demo:api-client-scope:first\",\n \"demo:api-client-scope:second\"\n ],\n \"lastUsed\": \"2017-07-11T18:45:37.098Z\"\n}" + }, + { + "id": "5c9cd8c4-4489-4410-aa57-c7916b269218", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/strongAuthSupported\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/businessName\",\n \"value\": \"acme-solar\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "a42b0b27-f534-49be-9210-de6cad4baacb", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/strongAuthSupported\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/businessName\",\n \"value\": \"acme-solar\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "3ba65a6e-2d48-4bc1-b3df-04dda890cce1", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/strongAuthSupported\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/businessName\",\n \"value\": \"acme-solar\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "46d447a3-ed3c-4bd2-ba9e-a6854eb5f1e6", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/strongAuthSupported\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/businessName\",\n \"value\": \"acme-solar\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "8ec5376d-4c8f-4fb3-ba6a-ffe4dc40bd52", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/strongAuthSupported\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/businessName\",\n \"value\": \"acme-solar\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "9782e2a0-5267-4739-9ef9-ebf35340c920", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/strongAuthSupported\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/businessName\",\n \"value\": \"acme-solar\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/oauth-clients/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "oauth-clients", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "dd91a592-89a0-45ea-b3c5-dba30898ad85", + "description": "Use this API to implement OAuth client functionality. \nWith this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the IdentityNow REST API.\nRefer to [Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information about OAuth and how it works with the IdentityNow REST API. \n" + }, + { + "name": "Password Management", + "item": [ + { + "name": "Query Password Info", + "id": "458328b9-4a03-4b66-8e69-8069205ce545", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"userName\": \"Abby.Smith\",\n \"sourceName\": \"My-AD\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/query-password-info", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "query-password-info" + ] + }, + "description": "This API is used to query password related information. \n\nA token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) \nis required to call this API. \"API authority\" refers to a token that only has the \"client_credentials\" \ngrant type, and therefore no user context. A [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) \nor a token generated with the [authorization_code](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) \ngrant type will **NOT** work on this endpoint, and a `403 Forbidden` response \nwill be returned.\n" + }, + "response": [ + { + "id": "496c5a7c-89fc-4992-a3ba-4dad3980f6cf", + "name": "Reference to the password info.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"userName\": \"Abby.Smith\",\n \"sourceName\": \"My-AD\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/query-password-info", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "query-password-info" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"identityId\": \"2c918085744fec4301746f9a5bce4605\",\n \"sourceId\": \"2c918083746f642c01746f990884012a\",\n \"publicKeyId\": \"N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh\",\n \"publicKey\": \"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB\",\n \"accounts\": [\n {\n \"accountId\": \"CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com\",\n \"accountName\": \"Abby.Smith\"\n },\n {\n \"accountId\": \"CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com\",\n \"accountName\": \"Abby.Smith\"\n }\n ],\n \"policies\": [\n \"passwordRepeatedChar is 3\",\n \"passwordMinAlpha is 1\",\n \"passwordMinLength is 5\",\n \"passwordMinNumeric is 1\"\n ]\n}" + }, + { + "id": "9a4f1fd2-b2c9-446c-9902-a05c1c115e0b", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"userName\": \"Abby.Smith\",\n \"sourceName\": \"My-AD\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/query-password-info", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "query-password-info" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "68b597f6-9b88-49ee-a7b9-2e47d1cf900d", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"userName\": \"Abby.Smith\",\n \"sourceName\": \"My-AD\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/query-password-info", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "query-password-info" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "9f15b848-69ff-4e5a-91c3-a50a22670f27", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"userName\": \"Abby.Smith\",\n \"sourceName\": \"My-AD\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/query-password-info", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "query-password-info" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "303b9c5f-05eb-4495-a21f-83e59c0820aa", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"userName\": \"Abby.Smith\",\n \"sourceName\": \"My-AD\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/query-password-info", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "query-password-info" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "07b09f17-b50b-4afe-b800-e96fde7215ec", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"userName\": \"Abby.Smith\",\n \"sourceName\": \"My-AD\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/query-password-info", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "query-password-info" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Set Identity's Password", + "id": "e3a12eec-6943-4c5d-a802-101210735887", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"identityId\": \"8a807d4c73c545510173c545f0a002ff\",\n \"encryptedPassword\": \"XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==\",\n \"publicKeyId\": \"YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2\",\n \"accountId\": \"CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com\",\n \"sourceId\": \"8a807d4c73c545510173c545d4b60246\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/set-password", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "set-password" + ] + }, + "description": "This API is used to set a password for an identity. \n\nAn identity can change their own password if they use a token generated by their IDN user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or [\"authorization_code\" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow).\n\nA token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password. \"API authority\" refers to a token that only has the \"client_credentials\" grant type.\n" + }, + "response": [ + { + "id": "28a80a18-2238-4169-90e2-6db2a5a48b38", + "name": "Reference to the password change.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"identityId\": \"8a807d4c73c545510173c545f0a002ff\",\n \"encryptedPassword\": \"XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==\",\n \"publicKeyId\": \"YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2\",\n \"accountId\": \"CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com\",\n \"sourceId\": \"8a807d4c73c545510173c545d4b60246\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/set-password", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "set-password" + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"requestId\": \"089899f13a8f4da7824996191587bab9\",\n \"state\": \"IN_PROGRESS\"\n}" + }, + { + "id": "f2d6ef05-de7b-40a7-83b8-75c28064e7ab", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"identityId\": \"8a807d4c73c545510173c545f0a002ff\",\n \"encryptedPassword\": \"XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==\",\n \"publicKeyId\": \"YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2\",\n \"accountId\": \"CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com\",\n \"sourceId\": \"8a807d4c73c545510173c545d4b60246\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/set-password", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "set-password" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "1910eae8-d416-4ed0-8ffc-4a135a4329cd", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"identityId\": \"8a807d4c73c545510173c545f0a002ff\",\n \"encryptedPassword\": \"XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==\",\n \"publicKeyId\": \"YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2\",\n \"accountId\": \"CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com\",\n \"sourceId\": \"8a807d4c73c545510173c545d4b60246\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/set-password", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "set-password" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "6299a09d-ba45-4bd9-b6e3-6ccf404c8198", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"identityId\": \"8a807d4c73c545510173c545f0a002ff\",\n \"encryptedPassword\": \"XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==\",\n \"publicKeyId\": \"YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2\",\n \"accountId\": \"CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com\",\n \"sourceId\": \"8a807d4c73c545510173c545d4b60246\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/set-password", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "set-password" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "fc5e5195-045e-4da0-8f32-d27ef19f9ce9", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"identityId\": \"8a807d4c73c545510173c545f0a002ff\",\n \"encryptedPassword\": \"XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==\",\n \"publicKeyId\": \"YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2\",\n \"accountId\": \"CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com\",\n \"sourceId\": \"8a807d4c73c545510173c545d4b60246\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/set-password", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "set-password" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "faa18350-a013-455b-8592-d59b716e67b7", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"identityId\": \"8a807d4c73c545510173c545f0a002ff\",\n \"encryptedPassword\": \"XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A==\",\n \"publicKeyId\": \"YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2\",\n \"accountId\": \"CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com\",\n \"sourceId\": \"8a807d4c73c545510173c545d4b60246\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/set-password", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "set-password" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get Password Change Request Status", + "id": "86a05bba-4e98-463a-a6b5-bd12eea86181", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/password-change-status/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-change-status", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "089899f13a8f4da7824996191587bab9" + } + ] + }, + "description": "This API returns the status of a password change request. A token with identity owner or trusted API client application authority is required to call this API." + }, + "response": [ + { + "id": "e6f508f3-4e5e-446f-b2c1-f588c66c4a7e", + "name": "Status of the password change request", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-change-status/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-change-status", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"requestId\": \"089899f13a8f4da7824996191587bab9\",\n \"state\": \"IN_PROGRESS\",\n \"errors\": [\n \"The password change payload is invalid\"\n ],\n \"sourceIds\": [\n \"2c918083746f642c01746f990884012a\"\n ]\n}" + }, + { + "id": "d91ec234-9098-44e2-a6be-928801a4c40a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-change-status/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-change-status", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "4694531c-e4e8-43bc-93cf-615b31aa4865", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-change-status/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-change-status", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "b533dc7d-3d60-4a0a-a851-be0bf3f24b8a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-change-status/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-change-status", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "43147169-45b0-4967-958b-e59e5024510f", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-change-status/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-change-status", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "73980f04-0452-4831-a495-b0012dc981a4", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-change-status/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-change-status", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "4ca5f31a-ffb9-447b-9519-cf78de11664a", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-change-status/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-change-status", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "1359e229-2d45-4805-8706-043da4e9f7b8", + "description": "Use this API to implement password management functionality. \nWith this functionality in place, users can manage their identity passwords for all their applications.\n\nIn IdentityNow, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager. \nPassword Manager lists the user's identity's applications, possibly grouped to share passwords. \nUsers can then select 'Change Password' to update their passwords. \n\nGrouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually. \nPassword Manager may list the applications and sources in the following groups:\n\n- Password Group: This refers to a group of applications that share a password. \nFor example, a user can use the same password for Google Drive, Google Mail, and YouTube. \nUpdating the password for the password group updates the password for all its included applications.\n\n- Multi-Application Source: This refers to a source with multiple applications that share a password. \nFor example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications. \nUpdating the password for the multi-application source updates the password for all its included applications. \n\n- Applications: These are applications that do not share passwords with other applications.\n\nAn organization may require some authentication for users to update their passwords. \nUsers may be required to answer security questions or use a third-party authenticator before they can confirm their updates. \n\nRefer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management.\n" + }, + { + "name": "Password Dictionary", + "item": [ + { + "name": "Get Password Dictionary", + "id": "96e13295-3ee5-4d32-82b0-9bc022f50085", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "text/plain" + } + ], + "url": { + "raw": "{{baseUrl}}/password-dictionary", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-dictionary" + ] + }, + "description": "This gets password dictionary for the organization.\nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "dc4e34a0-2122-430b-ae40-6f85764bf2ea", + "name": "\nThe password dictionary file can contain lines that are:\n1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing\n2. empty lines\n3. locale line - the first line that starts with \"locale=\" is considered to be locale line, the rest are treated as normal content lines\n4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed;\n maximum length of the line is 128 Unicode codepoints\n\n\nPassword dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line).\n Password dict file must contain UTF-8 characters only.\n\n# Sample password text file\n\n```\n\n# Password dictionary small test file\n\nlocale=en_US\n\n# Password dictionary prohibited words\n\nqwerty\nabcd\naaaaa\npassword\nqazxsws\n\n```", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-dictionary", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-dictionary" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "text", + "header": [ + { + "key": "Content-Type", + "value": "text/plain" + } + ], + "cookie": [], + "body": "voluptate" + }, + { + "id": "2f32214f-2fa9-4dfe-b5c7-36c527f8624e", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-dictionary", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-dictionary" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "97c4ae59-4612-48c7-8daa-fbf10cac95d6", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-dictionary", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-dictionary" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "84501ece-85c4-45a2-8d18-184d7daff951", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-dictionary", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-dictionary" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "ba1eb48e-d307-4cb1-b4a4-916a98d84357", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-dictionary", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-dictionary" + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "34726c08-ae25-417e-be74-78ba1119a3f7", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-dictionary", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-dictionary" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f7568969-3a28-450b-ab82-9f6f3ffb1d01", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/password-dictionary", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "password-dictionary" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "be8c6cd3-db3e-4b5c-839a-a78c4e977720", + "description": "Use this API to implement password dictionary functionality. \nWith this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords. \n\nA password dictionary is a list of words or characters that users are prevented from including in their passwords. \nThis can help protect users from themselves and force them to create passwords that are not easy to break. \n\nA password dictionary must meet the following requirements to for the API to handle them correctly: \n\n- It must be in .txt format.\n\n- All characters must be UTF-8 characters. \n\n- Each line must contain a single word or character with no spaces or whitespace characters.\n\n- It must contain at least one line other than the locale string.\n\n- Each line must not exceed 128 characters.\n\n- The file must not exceed 2500 lines. \n\nAdministrators should also consider the following when they create their dictionaries: \n\n- Lines starting with a # represent comments.\n\n- All words in the password dictionary are case-insensitive. \nFor example, adding the word \"password\" to the dictionary also disallows the following: PASSWORD, Password, and PassWord.\n\n- The dictionary uses substring matching. \nFor example, adding the word \"spring\" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring.\nUsers can then select 'Change Password' to update their passwords. \n\nAdministrators must do the following to create a password dictionary: \n\n- Create the text file that will contain the prohibited password values.\n\n- If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode`\n\nThe languageCode value refers to the language's 2-letter ISO 639-1 code.\nThe countryCode value refers to the country's 2-letter ISO 3166-1 code.\n\nRefer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes.\n\n- Upload the .txt file to IdentityNow with [Update Password Dictionary](https://developer.sailpoint.com/idn/api/beta/update-password-dictionary). Uploading a new file always overwrites the previous dictionary file.\n\nAdministrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it.\n\nRefer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries.\n" + }, + { + "name": "Personal Access Tokens", + "item": [ + { + "name": "List Personal Access Tokens", + "id": "3f7d8a11-e327-45ab-ba0d-59fdab3cc0cb", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens?owner-id=2c9180867b50d088017b554662fb281e&filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ], + "query": [ + { + "description": "The identity ID of the owner whose personal access tokens should be listed. If \"me\", the caller should have the following right: 'idn:my-personal-access-tokens:read'\nIf an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. \nIf the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'", + "key": "owner-id", + "value": "2c9180867b50d088017b554662fb281e" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + }, + "description": "This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the 'idn:all-personal-access-tokens:read' right." + }, + "response": [ + { + "id": "185e67a0-fc27-4c4b-ad6b-ec7c8e090f67", + "name": "List of personal access tokens.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens?owner-id=2c9180867b50d088017b554662fb281e&filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ], + "query": [ + { + "description": "The identity ID of the owner whose personal access tokens should be listed. If \"me\", the caller should have the following right: 'idn:my-personal-access-tokens:read'\nIf an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. \nIf the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'", + "key": "owner-id", + "value": "2c9180867b50d088017b554662fb281e" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"86f1dc6fe8f54414950454cbb11278fa\",\n \"name\": \"NodeJS Integration\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ],\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"lastUsed\": \"2017-07-11T18:45:37.098Z\"\n },\n {\n \"id\": \"86f1dc6fe8f54414950454cbb11278fa\",\n \"name\": \"NodeJS Integration\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ],\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"lastUsed\": \"2017-07-11T18:45:37.098Z\"\n }\n]" + }, + { + "id": "a7e41675-8028-4f00-9fa5-6790fc45beb4", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens?owner-id=2c9180867b50d088017b554662fb281e&filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ], + "query": [ + { + "description": "The identity ID of the owner whose personal access tokens should be listed. If \"me\", the caller should have the following right: 'idn:my-personal-access-tokens:read'\nIf an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. \nIf the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'", + "key": "owner-id", + "value": "2c9180867b50d088017b554662fb281e" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "f6ffd9a8-9256-43eb-82a7-41d8ed7d0024", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens?owner-id=2c9180867b50d088017b554662fb281e&filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ], + "query": [ + { + "description": "The identity ID of the owner whose personal access tokens should be listed. If \"me\", the caller should have the following right: 'idn:my-personal-access-tokens:read'\nIf an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. \nIf the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'", + "key": "owner-id", + "value": "2c9180867b50d088017b554662fb281e" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "e3495f69-f579-4ac1-a9a2-7ccff249e0ea", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens?owner-id=2c9180867b50d088017b554662fb281e&filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ], + "query": [ + { + "description": "The identity ID of the owner whose personal access tokens should be listed. If \"me\", the caller should have the following right: 'idn:my-personal-access-tokens:read'\nIf an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. \nIf the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'", + "key": "owner-id", + "value": "2c9180867b50d088017b554662fb281e" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "fbb4b8f9-9b20-4d87-99bf-6b93b6f1ef35", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens?owner-id=2c9180867b50d088017b554662fb281e&filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ], + "query": [ + { + "description": "The identity ID of the owner whose personal access tokens should be listed. If \"me\", the caller should have the following right: 'idn:my-personal-access-tokens:read'\nIf an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. \nIf the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'", + "key": "owner-id", + "value": "2c9180867b50d088017b554662fb281e" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "72cdb63e-bcfc-428d-8a93-600f2608968f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens?owner-id=2c9180867b50d088017b554662fb281e&filters=lastUsed le 2023-02-05T10:59:27.214Z", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ], + "query": [ + { + "description": "The identity ID of the owner whose personal access tokens should be listed. If \"me\", the caller should have the following right: 'idn:my-personal-access-tokens:read'\nIf an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. \nIf the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read'", + "key": "owner-id", + "value": "2c9180867b50d088017b554662fb281e" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**lastUsed**: *le, isnull*", + "key": "filters", + "value": "lastUsed le 2023-02-05T10:59:27.214Z" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create Personal Access Token", + "id": "2f9bcf79-75a2-412c-a5e2-190589e4e5a7", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"NodeJS Integration\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ] + }, + "description": "This creates a personal access token." + }, + "response": [ + { + "id": "6a92c24d-3dc8-4e75-8c6b-0a9d6eaa72e7", + "name": "Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"NodeJS Integration\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"86f1dc6fe8f54414950454cbb11278fa\",\n \"secret\": \"1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ],\n \"name\": \"NodeJS Integration\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\"\n}" + }, + { + "id": "0d34c370-d62e-46ed-bdff-d9b2ab75b8f0", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"NodeJS Integration\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "b1694fb2-6913-48eb-a335-73b15dfb2451", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"NodeJS Integration\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "954d7970-674f-435a-9cad-3f210e27469a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"NodeJS Integration\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "0dcc586b-ebeb-477a-89a5-0d2da9046f5d", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"NodeJS Integration\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "441fac07-15d3-47e9-bbf1-ee66ed438ac7", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"NodeJS Integration\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Patch Personal Access Token", + "id": "52cb918e-1f6b-4a76-869f-50c52b043067", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": \"New name\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/scope\",\n \"value\": [\n \"sp:scopes:all\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This performs a targeted update to the field(s) of a Personal Access Token." + }, + "response": [ + { + "id": "cbc4ba89-c060-4c8b-9583-42195640f412", + "name": "Indicates the PATCH operation succeeded, and returns the PAT's new representation.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": \"New name\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/scope\",\n \"value\": [\n \"sp:scopes:all\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"86f1dc6fe8f54414950454cbb11278fa\",\n \"name\": \"NodeJS Integration\",\n \"scope\": [\n \"demo:personal-access-token-scope:first\",\n \"demo:personal-access-token-scope:second\"\n ],\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"William Wilson\"\n },\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"lastUsed\": \"2017-07-11T18:45:37.098Z\"\n}" + }, + { + "id": "7e6fa6e5-496b-4117-886f-824822126d83", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": \"New name\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/scope\",\n \"value\": [\n \"sp:scopes:all\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "7bf06b9c-940f-4884-8064-b00d614e2902", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": \"New name\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/scope\",\n \"value\": [\n \"sp:scopes:all\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "eaabcb24-54ea-4fb5-bf06-a84184031293", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": \"New name\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/scope\",\n \"value\": [\n \"sp:scopes:all\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "fbe085bb-b456-4ec7-98aa-5786460e35f9", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": \"New name\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/scope\",\n \"value\": [\n \"sp:scopes:all\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "75b27ce7-bd18-4140-a88e-2d8160ae3616", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": \"New name\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/scope\",\n \"value\": [\n \"sp:scopes:all\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "fc4187c2-7093-4d71-9925-53c7b9530701", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/name\",\n \"value\": \"New name\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/scope\",\n \"value\": [\n \"sp:scopes:all\"\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Personal Access Token", + "id": "34024a45-1fd7-4a60-98e9-73c6fa07c776", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This deletes a personal access token." + }, + "response": [ + { + "id": "10d55017-e181-4a57-81e6-f462272656ed", + "name": "No content.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "9456a183-63cd-46f9-bc79-f3ca3fec5340", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "4eb831fc-a75d-4444-a3ff-bd2d2af28c63", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "c37a876f-b5a4-4ab7-bc3f-8626fc408208", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "6d34801f-3cc2-4c85-bb73-c262d713098c", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "4b962447-75cf-4730-8d39-73052f847955", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "0d923c68-857b-429e-9677-ad96f46ca50f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/personal-access-tokens/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "personal-access-tokens", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "7c824861-2471-4f4e-8de4-bd803c15261e", + "description": "Use this API to implement personal access token (PAT) functionality. \nWith this functionality in place, users can use PATs as an alternative to passwords for authentication in IdentityNow. \n\nPATs embed user information into the client ID and secret. \nThis replaces the API clients' need to store and provide a username and password to establish a connection, improving IdentityNow organizations' integration security. \n\nIn IdentityNow, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens. \nThey must then provide a description about the token's purpose. \nThey can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID. \n\nRefer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/generate_tokens.html) for more information about PATs.\n" + }, + { + "name": "Public Identities", + "item": [ + { + "name": "Get a list of public identities", + "id": "a08b37f1-a8d8-4c59-84da-69098f163a36", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities?limit=250&offset=0&count=true&filters=firstname eq \"John\"&add-core-filters=false&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**alias**: *eq, sw*\n\n**email**: *eq, sw*\n\n**firstname**: *eq, sw*\n\n**lastname**: *eq, sw*", + "key": "filters", + "value": "firstname eq \"John\"" + }, + { + "description": "If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:\n - Should be either correlated or protected.\n - Should not be \"spadmin\" or \"cloudadmin\".\n - uid should not be null.\n - lastname should not be null.\n - email should not be null.", + "key": "add-core-filters", + "value": "false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ] + } + }, + "response": [ + { + "id": "f99cc3d2-b400-4989-8e24-bc29e83600a7", + "name": "A list of public identity objects.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities?limit=250&offset=0&count=true&filters=firstname eq \"John\"&add-core-filters=false&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**alias**: *eq, sw*\n\n**email**: *eq, sw*\n\n**firstname**: *eq, sw*\n\n**lastname**: *eq, sw*", + "key": "filters", + "value": "firstname eq \"John\"" + }, + { + "description": "If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:\n - Should be either correlated or protected.\n - Should not be \"spadmin\" or \"cloudadmin\".\n - uid should not be null.\n - lastname should not be null.\n - email should not be null.", + "key": "add-core-filters", + "value": "false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c9180857182305e0171993735622948\",\n \"name\": \"Alison Ferguso\",\n \"alias\": \"alison.ferguso\",\n \"email\": \"alison.ferguso@acme-solar.com\",\n \"status\": \"Active\",\n \"manager\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\"\n },\n \"attributes\": [\n {\n \"key\": \"phone\",\n \"name\": \"Phone\",\n \"value\": \"5125551234\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\",\n \"value\": \"US\"\n }\n ]\n },\n {\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"alias\": \"thomas.edison\",\n \"email\": \"thomas.edison@acme-solar.com\",\n \"status\": \"Active\",\n \"manager\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c918086676d3e0601677611dbde220f\",\n \"name\": \"Mister Manager\"\n },\n \"attributes\": [\n {\n \"key\": \"phone\",\n \"name\": \"Phone\",\n \"value\": \"5125554321\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\",\n \"value\": \"US\"\n }\n ]\n }\n]" + }, + { + "id": "61705179-2322-47c1-81e6-acd3a16b9faf", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities?limit=250&offset=0&count=true&filters=firstname eq \"John\"&add-core-filters=false&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**alias**: *eq, sw*\n\n**email**: *eq, sw*\n\n**firstname**: *eq, sw*\n\n**lastname**: *eq, sw*", + "key": "filters", + "value": "firstname eq \"John\"" + }, + { + "description": "If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:\n - Should be either correlated or protected.\n - Should not be \"spadmin\" or \"cloudadmin\".\n - uid should not be null.\n - lastname should not be null.\n - email should not be null.", + "key": "add-core-filters", + "value": "false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "fd92b79d-e149-47e7-a5b7-6445e7d7cfae", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities?limit=250&offset=0&count=true&filters=firstname eq \"John\"&add-core-filters=false&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**alias**: *eq, sw*\n\n**email**: *eq, sw*\n\n**firstname**: *eq, sw*\n\n**lastname**: *eq, sw*", + "key": "filters", + "value": "firstname eq \"John\"" + }, + { + "description": "If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:\n - Should be either correlated or protected.\n - Should not be \"spadmin\" or \"cloudadmin\".\n - uid should not be null.\n - lastname should not be null.\n - email should not be null.", + "key": "add-core-filters", + "value": "false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0f18b828-0649-4da7-863d-b7614cc861f3", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities?limit=250&offset=0&count=true&filters=firstname eq \"John\"&add-core-filters=false&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**alias**: *eq, sw*\n\n**email**: *eq, sw*\n\n**firstname**: *eq, sw*\n\n**lastname**: *eq, sw*", + "key": "filters", + "value": "firstname eq \"John\"" + }, + { + "description": "If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:\n - Should be either correlated or protected.\n - Should not be \"spadmin\" or \"cloudadmin\".\n - uid should not be null.\n - lastname should not be null.\n - email should not be null.", + "key": "add-core-filters", + "value": "false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "6a8d4bcd-2339-4e35-b326-ecb27ff94218", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities?limit=250&offset=0&count=true&filters=firstname eq \"John\"&add-core-filters=false&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**alias**: *eq, sw*\n\n**email**: *eq, sw*\n\n**firstname**: *eq, sw*\n\n**lastname**: *eq, sw*", + "key": "filters", + "value": "firstname eq \"John\"" + }, + { + "description": "If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:\n - Should be either correlated or protected.\n - Should not be \"spadmin\" or \"cloudadmin\".\n - uid should not be null.\n - lastname should not be null.\n - email should not be null.", + "key": "add-core-filters", + "value": "false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "701e3750-fa34-45cb-b98c-cb54612b4b63", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities?limit=250&offset=0&count=true&filters=firstname eq \"John\"&add-core-filters=false&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**alias**: *eq, sw*\n\n**email**: *eq, sw*\n\n**firstname**: *eq, sw*\n\n**lastname**: *eq, sw*", + "key": "filters", + "value": "firstname eq \"John\"" + }, + { + "description": "If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*:\n - Should be either correlated or protected.\n - Should not be \"spadmin\" or \"cloudadmin\".\n - uid should not be null.\n - lastname should not be null.\n - email should not be null.", + "key": "add-core-filters", + "value": "false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "b072d428-aab1-494a-9834-39b42b86953b", + "description": "Use this API in conjunction with [Public Identites Config](https://developer.sailpoint.com/idn/api/v3/public-identities-config) to enable non-administrators to view identities' publicly visible attributes. \nWith this functionality in place, non-administrators can view identity attributes other than the default attributes (email, lifecycle state, and manager), depending on which identity attributes their organization administrators have made public. \nThis can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.\n" + }, + { + "name": "Public Identities Config", + "item": [ + { + "name": "Get the Public Identities Configuration", + "id": "652a3396-6e91-4327-8765-d52f988c02b3", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + }, + "description": "Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "a6cd45f4-055a-4043-a67f-60a75c9fb2f7", + "name": "Request succeeded.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"attributes\": [\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n }\n ],\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"modifiedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\"\n }\n}" + }, + { + "id": "d1813bb4-3f86-48e2-b144-77ea3ecc6b15", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "222b285a-de08-4b40-b6e2-037bd856d827", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "cc5550ca-c53e-43bd-973a-5de8a6ffded6", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "064edbff-9fc9-4d07-ba90-367e1a5cd6fa", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "48a9dd19-7e21-4cf7-a0d4-653466b4ed04", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update the Public Identities Configuration", + "id": "9cec6ad0-fccc-4fb1-9b09-96467d2ae1e8", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": [\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n }\n ],\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"modifiedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + }, + "description": "Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "433442b1-ba73-4718-8832-3e8adf51a6c1", + "name": "Request succeeded.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": [\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n }\n ],\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"modifiedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"attributes\": [\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n }\n ],\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"modifiedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\"\n }\n}" + }, + { + "id": "99bceaa5-98dc-4224-8610-da40dc2ce7ee", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": [\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n }\n ],\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"modifiedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "eddfd216-978b-45e2-8084-3ab0e054803d", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": [\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n }\n ],\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"modifiedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "7946c2e0-1439-4a0a-a859-fb412242f6d3", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": [\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n }\n ],\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"modifiedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "e615d263-f606-43d1-998e-0bcf4e9f12ae", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": [\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n }\n ],\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"modifiedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "9f148106-310c-40b1-adc6-bfa3135d794a", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": [\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n },\n {\n \"key\": \"country\",\n \"name\": \"Country\"\n }\n ],\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"modifiedBy\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/public-identities-config", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "public-identities-config" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "44592641-d505-46e1-8016-cdbd2fd6fef2", + "description": "Use this API to implement public identity configuration functionality. \nWith this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions. \nThis can be helpful for approvers making approvals, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks.\n\nBy default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager. \nHowever, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc.\nAdministrators can use this API to make those necessary identity attributes public to non-administrators. \n\nFor example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department. \nIf an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/idn/api/v3/update-public-identity-config) to make the \"department\" attribute public, the approver can see the department and make a decision without requesting any more information.\n" + }, + { + "name": "Requestable Objects", + "item": [ + { + "name": "Requestable Objects List", + "id": "0c5121f3-ef01-4c8f-a484-ba23c0c54b6a", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/requestable-objects?identity-id=e7eab60924f64aa284175b9fa3309599&types=ROLE,ACCESS_PROFILE&term=Finance Role&statuses=ASSIGNED,PENDING&limit=250&offset=0&count=true&filters=name sw \"bob\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "requestable-objects" + ], + "query": [ + { + "description": "If present, the value returns only requestable objects for the specified identity.\n * Admin users can call this with any identity ID value.\n * Non-admin users can only specify *me* or pass their own identity ID value.\n * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.", + "key": "identity-id", + "value": "e7eab60924f64aa284175b9fa3309599" + }, + { + "description": "Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.", + "key": "types", + "value": "ROLE,ACCESS_PROFILE" + }, + { + "description": "It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.", + "key": "term", + "value": "Finance Role" + }, + { + "description": "Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.", + "key": "statuses", + "value": "ASSIGNED,PENDING" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, in, sw*\n", + "key": "filters", + "value": "name sw \"bob\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**\n", + "key": "sorters", + "value": "name" + } + ] + }, + "description": "This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using *identity-id* query param.\nAny authenticated token can call this endpoint to see their requestable access items. A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity." + }, + "response": [ + { + "id": "169b63c4-e984-4fc1-8327-ac018da669a1", + "name": "List of requestable objects", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/requestable-objects?identity-id=e7eab60924f64aa284175b9fa3309599&types=ROLE,ACCESS_PROFILE&term=Finance Role&statuses=ASSIGNED,PENDING&limit=250&offset=0&count=true&filters=name sw \"bob\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "requestable-objects" + ], + "query": [ + { + "description": "If present, the value returns only requestable objects for the specified identity.\n * Admin users can call this with any identity ID value.\n * Non-admin users can only specify *me* or pass their own identity ID value.\n * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.", + "key": "identity-id", + "value": "e7eab60924f64aa284175b9fa3309599" + }, + { + "description": "Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.", + "key": "types", + "value": "ROLE,ACCESS_PROFILE" + }, + { + "description": "It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.", + "key": "term", + "value": "Finance Role" + }, + { + "description": "Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.", + "key": "statuses", + "value": "ASSIGNED,PENDING" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, in, sw*\n", + "key": "filters", + "value": "name sw \"bob\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**\n", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Applied Research Access\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Access to research information, lab results, and schematics.\",\n \"type\": \"ACCESS_PROFILE\",\n \"requestStatus\": \"AVAILABLE\",\n \"identityRequestId\": null,\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"requestCommentsRequired\": false\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"Applied Research Access\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Access to research information, lab results, and schematics.\",\n \"type\": \"ACCESS_PROFILE\",\n \"requestStatus\": \"AVAILABLE\",\n \"identityRequestId\": null,\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"5168015d32f890ca15812c9180835d2e\",\n \"name\": \"Alison Ferguso\",\n \"email\": \"alison.ferguso@identitysoon.com\"\n },\n \"requestCommentsRequired\": false\n }\n]" + }, + { + "id": "768c592f-7e00-46c3-80e3-13b88685a87a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/requestable-objects?identity-id=e7eab60924f64aa284175b9fa3309599&types=ROLE,ACCESS_PROFILE&term=Finance Role&statuses=ASSIGNED,PENDING&limit=250&offset=0&count=true&filters=name sw \"bob\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "requestable-objects" + ], + "query": [ + { + "description": "If present, the value returns only requestable objects for the specified identity.\n * Admin users can call this with any identity ID value.\n * Non-admin users can only specify *me* or pass their own identity ID value.\n * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.", + "key": "identity-id", + "value": "e7eab60924f64aa284175b9fa3309599" + }, + { + "description": "Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.", + "key": "types", + "value": "ROLE,ACCESS_PROFILE" + }, + { + "description": "It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.", + "key": "term", + "value": "Finance Role" + }, + { + "description": "Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.", + "key": "statuses", + "value": "ASSIGNED,PENDING" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, in, sw*\n", + "key": "filters", + "value": "name sw \"bob\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**\n", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "7ad6d016-2997-4f5f-ba74-d48d216f6942", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/requestable-objects?identity-id=e7eab60924f64aa284175b9fa3309599&types=ROLE,ACCESS_PROFILE&term=Finance Role&statuses=ASSIGNED,PENDING&limit=250&offset=0&count=true&filters=name sw \"bob\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "requestable-objects" + ], + "query": [ + { + "description": "If present, the value returns only requestable objects for the specified identity.\n * Admin users can call this with any identity ID value.\n * Non-admin users can only specify *me* or pass their own identity ID value.\n * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.", + "key": "identity-id", + "value": "e7eab60924f64aa284175b9fa3309599" + }, + { + "description": "Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.", + "key": "types", + "value": "ROLE,ACCESS_PROFILE" + }, + { + "description": "It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.", + "key": "term", + "value": "Finance Role" + }, + { + "description": "Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.", + "key": "statuses", + "value": "ASSIGNED,PENDING" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, in, sw*\n", + "key": "filters", + "value": "name sw \"bob\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**\n", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "56c35330-4ed7-46f5-ba8f-2e9f792820be", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/requestable-objects?identity-id=e7eab60924f64aa284175b9fa3309599&types=ROLE,ACCESS_PROFILE&term=Finance Role&statuses=ASSIGNED,PENDING&limit=250&offset=0&count=true&filters=name sw \"bob\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "requestable-objects" + ], + "query": [ + { + "description": "If present, the value returns only requestable objects for the specified identity.\n * Admin users can call this with any identity ID value.\n * Non-admin users can only specify *me* or pass their own identity ID value.\n * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.", + "key": "identity-id", + "value": "e7eab60924f64aa284175b9fa3309599" + }, + { + "description": "Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.", + "key": "types", + "value": "ROLE,ACCESS_PROFILE" + }, + { + "description": "It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.", + "key": "term", + "value": "Finance Role" + }, + { + "description": "Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.", + "key": "statuses", + "value": "ASSIGNED,PENDING" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, in, sw*\n", + "key": "filters", + "value": "name sw \"bob\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**\n", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "741629b5-0710-47dd-b65c-c38a40e74773", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/requestable-objects?identity-id=e7eab60924f64aa284175b9fa3309599&types=ROLE,ACCESS_PROFILE&term=Finance Role&statuses=ASSIGNED,PENDING&limit=250&offset=0&count=true&filters=name sw \"bob\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "requestable-objects" + ], + "query": [ + { + "description": "If present, the value returns only requestable objects for the specified identity.\n * Admin users can call this with any identity ID value.\n * Non-admin users can only specify *me* or pass their own identity ID value.\n * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.", + "key": "identity-id", + "value": "e7eab60924f64aa284175b9fa3309599" + }, + { + "description": "Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.", + "key": "types", + "value": "ROLE,ACCESS_PROFILE" + }, + { + "description": "It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.", + "key": "term", + "value": "Finance Role" + }, + { + "description": "Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.", + "key": "statuses", + "value": "ASSIGNED,PENDING" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, in, sw*\n", + "key": "filters", + "value": "name sw \"bob\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**\n", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "c7239989-a5cf-42a2-a243-3658e1288a5c", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/requestable-objects?identity-id=e7eab60924f64aa284175b9fa3309599&types=ROLE,ACCESS_PROFILE&term=Finance Role&statuses=ASSIGNED,PENDING&limit=250&offset=0&count=true&filters=name sw \"bob\"&sorters=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "requestable-objects" + ], + "query": [ + { + "description": "If present, the value returns only requestable objects for the specified identity.\n * Admin users can call this with any identity ID value.\n * Non-admin users can only specify *me* or pass their own identity ID value.\n * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.", + "key": "identity-id", + "value": "e7eab60924f64aa284175b9fa3309599" + }, + { + "description": "Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.", + "key": "types", + "value": "ROLE,ACCESS_PROFILE" + }, + { + "description": "It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.", + "key": "term", + "value": "Finance Role" + }, + { + "description": "Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.", + "key": "statuses", + "value": "ASSIGNED,PENDING" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq, in, sw*\n", + "key": "filters", + "value": "name sw \"bob\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**\n", + "key": "sorters", + "value": "name" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "825ae3df-09f6-4d01-82e2-0df3e8bb9529", + "description": "Use this API to implement requestable object functionality. \nWith this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/idn/api/v3/access-requests), along with their statuses. \nThis can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available.\n" + }, + { + "name": "Roles", + "item": [ + { + "name": "List Roles", + "id": "553c160b-0687-4318-98ed-5b3d0b99ff05", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/roles?for-subadmin=5168015d32f890ca15812c9180835d2e&limit=50&offset=0&count=true&filters=requestable eq false&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "5168015d32f890ca15812c9180835d2e" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators:\n**id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*", + "key": "filters", + "value": "requestable eq false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + }, + "description": "This API returns a list of Roles.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API." + }, + "response": [ + { + "id": "4fcc47ca-a0d0-47b7-acb2-bc22154be33c", + "name": "List of Roles", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles?for-subadmin=5168015d32f890ca15812c9180835d2e&limit=50&offset=0&count=true&filters=requestable eq false&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "5168015d32f890ca15812c9180835d2e" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators:\n**id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*", + "key": "filters", + "value": "requestable eq false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n },\n {\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n }\n]" + }, + { + "id": "2004aa5e-c279-4347-bd47-f3bedc57d288", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles?for-subadmin=5168015d32f890ca15812c9180835d2e&limit=50&offset=0&count=true&filters=requestable eq false&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "5168015d32f890ca15812c9180835d2e" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators:\n**id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*", + "key": "filters", + "value": "requestable eq false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "e7bedff8-64c8-4670-952c-682cd90ff743", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles?for-subadmin=5168015d32f890ca15812c9180835d2e&limit=50&offset=0&count=true&filters=requestable eq false&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "5168015d32f890ca15812c9180835d2e" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators:\n**id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*", + "key": "filters", + "value": "requestable eq false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "a4d79d90-a318-4b4f-b46f-19c339c28f22", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles?for-subadmin=5168015d32f890ca15812c9180835d2e&limit=50&offset=0&count=true&filters=requestable eq false&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "5168015d32f890ca15812c9180835d2e" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators:\n**id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*", + "key": "filters", + "value": "requestable eq false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "24df779b-a1d0-446e-b812-83fbce68d1c3", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles?for-subadmin=5168015d32f890ca15812c9180835d2e&limit=50&offset=0&count=true&filters=requestable eq false&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "5168015d32f890ca15812c9180835d2e" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators:\n**id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*", + "key": "filters", + "value": "requestable eq false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "3a74a3af-fb3e-449c-81cd-399a229a49bf", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles?for-subadmin=5168015d32f890ca15812c9180835d2e&limit=50&offset=0&count=true&filters=requestable eq false&sorters=name,-modified&for-segment-ids=0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d&include-unsegmented=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ], + "query": [ + { + "description": "If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.", + "key": "for-subadmin", + "value": "5168015d32f890ca15812c9180835d2e" + }, + { + "description": "Note that for this API the maximum value for limit is 50.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "50" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators:\n**id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq*", + "key": "filters", + "value": "requestable eq false" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**", + "key": "sorters", + "value": "name,-modified" + }, + { + "description": "If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.\n\nIf segmentation is currently unavailable, specifying this parameter results in an error.", + "key": "for-segment-ids", + "value": "0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d" + }, + { + "description": "Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.", + "key": "include-unsegmented", + "value": "false" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create a Role", + "id": "df718be4-bab1-47bb-b0df-c9132ecc3659", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ] + }, + "description": "This API creates a Role.\nThere is a soft limit of 800 roles per org in IdentityNow. You will receive an error if you attempt to add more than 800 roles via the API or the UI. If you need to add roles above this limit, please create a support ticket.\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a ROLE_SUBADMIN may not create a Role including an Access Profile if that Access Profile is associated with a Source with which the ROLE_SUBADMIN is not themselves associated.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters." + }, + "response": [ + { + "id": "6a18526f-571a-49f8-9b3f-48d741ea83b4", + "name": "Role created", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ] + } + }, + "status": "Created", + "code": 201, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}" + }, + { + "id": "7bbd6cd6-97f0-4f0c-8375-8870bf4aa903", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "b8c0dfc6-5bea-4977-87e6-d7214e8d2413", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "c6580ab2-6f63-41de-89fb-28f3b0c4aff2", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "e494e9b0-1d1a-47d6-a709-6da34fe47e7d", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "2ca8d1a8-3875-4db2-b957-88026d43d426", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get a Role", + "id": "8f2e850b-ea95-4b03-a70c-25e72a2a5493", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c91808a7813090a017814121e121518" + } + ] + }, + "description": "This API returns a Role by its ID.\n\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member." + }, + "response": [ + { + "id": "2825687a-cdf1-47cc-a5c9-513a22cb7cd9", + "name": "List of all Roles", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}" + }, + { + "id": "650f43d2-09ba-4116-a4f1-60ef1906889e", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "0c6b8536-2d6a-42bd-b6c8-d2a65cde4f54", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "391ca77a-b25d-4f56-83be-f220c253396b", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "6e13b5fa-b9dd-4470-9fbc-38d8651111f0", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "a31257a5-a834-4ba3-a485-ce87c00a6830", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Patch a specified Role", + "id": "36b5a313-b252-48d8-bf11-91f2ce25a6ff", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/requestable\",\n \"value\": \"est culpa aliqua reprehenderit\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/enabled\",\n \"value\": \"esse aliquip exercitation\"\n }\n]" + }, + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c91808a7813090a017814121e121518" + } + ] + }, + "description": "This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax.\n\nThe following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**\nA token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member.\nThe maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters." + }, + "response": [ + { + "id": "e37b7142-d48a-4325-85d6-25155c97a03e", + "name": "Responds with the Role as updated.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/requestable\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/enabled\",\n \"value\": true\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"Role 2567\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"support\"\n },\n \"id\": \"2c918086749d78830174a1a40e121518\",\n \"created\": \"2021-03-01T22:32:58.104Z\",\n \"modified\": \"2021-03-02T20:22:28.104Z\",\n \"description\": \"Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.\",\n \"accessProfiles\": [\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n },\n {\n \"id\": \"ff808081751e6e129f1518161919ecca\",\n \"type\": \"ACCESS_PROFILE\",\n \"name\": \"Access Profile 2567\"\n }\n ],\n \"membership\": {\n \"type\": \"IDENTITY_LIST\",\n \"criteria\": {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\",\n \"children\": [\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n },\n {\n \"operation\": \"EQUALS\",\n \"key\": {\n \"type\": \"ACCOUNT\",\n \"property\": \"attribute.email\",\n \"sourceId\": \"2c9180867427f3a301745aec18211519\"\n },\n \"stringValue\": \"carlee.cert1c9f9b6fd@mailinator.com\"\n }\n ]\n }\n ]\n },\n \"identities\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"name\": \"Thomas Edison\",\n \"aliasName\": \"t.edison\"\n }\n ]\n },\n \"legacyMembershipInfo\": {\n \"type\": \"IDENTITY_LIST\"\n },\n \"enabled\": true,\n \"requestable\": true,\n \"accessRequestConfig\": {\n \"commentsRequired\": true,\n \"denialCommentsRequired\": true,\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"revocationRequestConfig\": {\n \"approvalSchemes\": [\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n },\n {\n \"approverType\": \"GOVERNANCE_GROUP\",\n \"approverId\": \"46c79819-a69f-49a2-becb-12c971ae66c6\"\n }\n ]\n },\n \"segments\": [\n \"f7b1b8a3-5fed-4fd4-ad29-82014e137e19\",\n \"29cb6c06-1da8-43ea-8be4-b3125f248f2a\"\n ]\n}" + }, + { + "id": "6c0d767f-0638-4e9d-afa9-d954ba31e2cb", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/requestable\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/enabled\",\n \"value\": true\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "53fff3cf-230a-441b-9807-b968411c3add", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/requestable\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/enabled\",\n \"value\": true\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "133f0c32-5d9e-45c1-b025-0768562d43d3", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/requestable\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/enabled\",\n \"value\": true\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "31dd5474-a769-47d4-b9dd-9b51eafa3ef0", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/requestable\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/enabled\",\n \"value\": true\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "29f7a5d1-4427-46ac-b0d0-86289fe3b1fa", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/requestable\",\n \"value\": true\n },\n {\n \"op\": \"replace\",\n \"path\": \"/enabled\",\n \"value\": true\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/roles/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "List Identities assigned a Role", + "id": "b367ed58-f781-4043-a6da-6e9a1515d698", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id/assigned-identities?limit=250&offset=0&count=true&filters=name sw Joe&sorters=aliasName,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id", + "assigned-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**aliasName**: *eq, sw*\n\n**email**: *eq, sw*\n\n**name**: *eq, sw, co*", + "key": "filters", + "value": "name sw Joe" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **aliasName**, **email**", + "key": "sorters", + "value": "aliasName,name" + } + ], + "variable": [ + { + "key": "id", + "value": "2c91808a7813090a017814121e121518" + } + ] + } + }, + "response": [ + { + "id": "47c851e0-9272-4377-bc42-29834fa39511", + "name": "List of Identities assigned the Role", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id/assigned-identities?limit=250&offset=0&count=true&filters=name sw Joe&sorters=aliasName,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id", + "assigned-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**aliasName**: *eq, sw*\n\n**email**: *eq, sw*\n\n**name**: *eq, sw, co*", + "key": "filters", + "value": "name sw Joe" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **aliasName**, **email**", + "key": "sorters", + "value": "aliasName,name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"aliasName\": \"t.edison\",\n \"name\": \"Thomas Edison\",\n \"email\": \"t.edison@identitynow.com\",\n \"roleAssignmentSource\": \"ACCESS_REQUEST\"\n },\n {\n \"id\": \"2c9180a46faadee4016fb4e018c20639\",\n \"aliasName\": \"t.edison\",\n \"name\": \"Thomas Edison\",\n \"email\": \"t.edison@identitynow.com\",\n \"roleAssignmentSource\": \"ACCESS_REQUEST\"\n }\n]" + }, + { + "id": "00689d11-b871-4d8e-9e8d-f48f495deabb", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id/assigned-identities?limit=250&offset=0&count=true&filters=name sw Joe&sorters=aliasName,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id", + "assigned-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**aliasName**: *eq, sw*\n\n**email**: *eq, sw*\n\n**name**: *eq, sw, co*", + "key": "filters", + "value": "name sw Joe" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **aliasName**, **email**", + "key": "sorters", + "value": "aliasName,name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5a020051-1a9c-4076-ad0d-af2e59eefc48", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id/assigned-identities?limit=250&offset=0&count=true&filters=name sw Joe&sorters=aliasName,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id", + "assigned-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**aliasName**: *eq, sw*\n\n**email**: *eq, sw*\n\n**name**: *eq, sw, co*", + "key": "filters", + "value": "name sw Joe" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **aliasName**, **email**", + "key": "sorters", + "value": "aliasName,name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "3260ae53-3fbd-46ef-a4c0-38100c8db700", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id/assigned-identities?limit=250&offset=0&count=true&filters=name sw Joe&sorters=aliasName,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id", + "assigned-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**aliasName**: *eq, sw*\n\n**email**: *eq, sw*\n\n**name**: *eq, sw, co*", + "key": "filters", + "value": "name sw Joe" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **aliasName**, **email**", + "key": "sorters", + "value": "aliasName,name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "e6699b6a-0ed0-4bcf-ac04-c8a7616d4649", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id/assigned-identities?limit=250&offset=0&count=true&filters=name sw Joe&sorters=aliasName,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id", + "assigned-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**aliasName**: *eq, sw*\n\n**email**: *eq, sw*\n\n**name**: *eq, sw, co*", + "key": "filters", + "value": "name sw Joe" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **aliasName**, **email**", + "key": "sorters", + "value": "aliasName,name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "04f42064-a038-4e81-9e55-f288c2b35040", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/roles/:id/assigned-identities?limit=250&offset=0&count=true&filters=name sw Joe&sorters=aliasName,name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "roles", + ":id", + "assigned-identities" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**aliasName**: *eq, sw*\n\n**email**: *eq, sw*\n\n**name**: *eq, sw, co*", + "key": "filters", + "value": "name sw Joe" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **id**, **name**, **aliasName**, **email**", + "key": "sorters", + "value": "aliasName,name" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "f50b65bf-8b21-4a16-a556-a187b74dee54", + "description": "Use this API to implement and customize role functionality.\nWith this functionality in place, administrators can create roles and configure them for use throughout IdentityNow. \nIdentityNow can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks.\n\nEntitlements represent the most granular level of access in IdentityNow. \nAccess profiles represent the next level and often group entitlements. \nRoles represent the broadest level of access and often group access profiles. \n\nFor example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization.\n\nAn administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement.\n\nAn administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source.\n\nWhen users only need Active Directory employee access, they can request access to the 'Employees' entitlement.\n\nWhen users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile.\n\nWhen users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. \n\nRoles often represent positions within organizations. \nFor example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role. \nIf the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need.\n\nIn IdentityNow, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones. \nAdministrators can enable and disable the role, and they can also make the following configurations: \n\n- Manage Access: Manage the role's access by adding or removing access profiles.\n\n- Define Assignment: Define the criteria IdentityNow uses to assign the role to identities. \nUse the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes. \nUse the second, 'Identity List,' to specify the identities for assignment.\n\n- Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked. \nDo not configure a role to be requestable without establishing a secure access request approval process for that role first. \n\nRefer to [Working with Roles](https://documentation.sailpoint.com/saas/help/provisioning/roles.html) for more information about roles.\n" + }, + { + "name": "Saved Search", + "item": [ + { + "name": "Create a saved search", + "id": "ea0758cc-851d-4bbe-8655-50e43abcf366", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches" + ] + }, + "description": "Creates a new saved search.\n" + }, + "response": [ + { + "id": "384635d0-2448-4667-851a-b3003d522859", + "name": "The persisted saved search.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches" + ] + } + }, + "status": "Created", + "code": 201, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n },\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}" + }, + { + "id": "bae09351-295b-4bc5-bf97-edcdb58fd166", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "281221c2-97ec-4b6d-9651-5f36d0e43217", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Return a list of Saved Searches", + "id": "c147c62d-7f7e-4fd2-a7f8-2e0c884a19ae", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches?offset=0&limit=250&count=true&filters=public eq true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *public*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns saved searches for the specified owner ID\n\n```public eq true``` -- returns all public saved searches\n\n```owner.id eq me or public eq true``` -- returns all of the current user's saved searches as well as all public saved searches belonging to other users in the current org\n", + "key": "filters", + "value": "public eq true" + } + ] + }, + "description": "Returns a list of saved searches.\n" + }, + "response": [ + { + "id": "2fbdf22a-4c24-4c92-947c-a744fc75274a", + "name": "The list of requested saved searches.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches?offset=0&limit=250&count=true&filters=public eq true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *public*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns saved searches for the specified owner ID\n\n```public eq true``` -- returns all public saved searches\n\n```owner.id eq me or public eq true``` -- returns all of the current user's saved searches as well as all public saved searches belonging to other users in the current org\n", + "key": "filters", + "value": "public eq true" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": { + "content": "The total result count (returned only if the *count* parameter is specified as *true*).", + "type": "text/plain" + }, + "key": "X-Total-Count", + "value": "5" + } + ], + "cookie": [], + "body": "[\n {\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n },\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n },\n {\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n },\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n }\n]" + }, + { + "id": "cdc7eefb-3b0e-45a0-aa22-750e887756cd", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches?offset=0&limit=250&count=true&filters=public eq true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *public*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns saved searches for the specified owner ID\n\n```public eq true``` -- returns all public saved searches\n\n```owner.id eq me or public eq true``` -- returns all of the current user's saved searches as well as all public saved searches belonging to other users in the current org\n", + "key": "filters", + "value": "public eq true" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "538a275a-0588-4d30-8d28-783295bab0d8", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches?offset=0&limit=250&count=true&filters=public eq true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *public*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns saved searches for the specified owner ID\n\n```public eq true``` -- returns all public saved searches\n\n```owner.id eq me or public eq true``` -- returns all of the current user's saved searches as well as all public saved searches belonging to other users in the current org\n", + "key": "filters", + "value": "public eq true" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Updates an existing saved search\n", + "id": "a0aa2851-a293-4d5b-994a-51e67873900b", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n },\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c91808568c529c60168cca6f90c1313" + } + ] + }, + "description": "Updates an existing saved search.\n" + }, + "response": [ + { + "id": "94cd0d16-d17d-45a5-b3b0-e96c1b494597", + "name": "The persisted saved search.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n },\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n },\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}" + }, + { + "id": "0213e3bc-355e-42fc-95f9-8ead7a3ae7f6", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n },\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "401e75f8-b629-4637-8a40-74e05c9b6791", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n },\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Return a saved search by ID", + "id": "1c041848-8985-4c97-81cc-8278d34b7492", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c91808568c529c60168cca6f90c1313" + } + ] + }, + "description": "Returns the specified saved search.\n" + }, + "response": [ + { + "id": "0be310c7-30d2-4af4-bf4a-e73f1a9dff0f", + "name": "The requested saved search.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": \"@accounts(disabled:true)\",\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n },\n \"name\": \"Disabled accounts\",\n \"description\": \"Disabled accounts\",\n \"public\": false,\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"columns\": {\n \"identity\": [\n {\n \"field\": \"displayName\",\n \"header\": \"Display Name\"\n },\n {\n \"field\": \"e-mail\",\n \"header\": \"Work Email\"\n }\n ]\n },\n \"fields\": [\n \"disabled\"\n ],\n \"sort\": [\n \"displayName\"\n ],\n \"filters\": {\n \"attributes.cloudAuthoritativeSource\": {\n \"type\": \"EXISTS\",\n \"exclude\": true\n },\n \"accessCount\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"3\"\n }\n }\n },\n \"created\": {\n \"type\": \"RANGE\",\n \"range\": {\n \"lower\": {\n \"value\": \"2019-12-01\",\n \"inclusive\": true\n },\n \"upper\": {\n \"value\": \"2020-01-01\"\n }\n }\n },\n \"source.name\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"HR Employees\",\n \"Corporate Active Directory\"\n ],\n \"exclude\": true\n },\n \"protected\": {\n \"type\": \"TERMS\",\n \"terms\": [\n \"true\"\n ]\n }\n }\n}" + }, + { + "id": "95785fac-e7aa-4887-a2c6-9d1e82c12f1d", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete a document by ID", + "id": "716d28cb-27f8-46d2-bfc0-7ddd5b5573a4", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c91808568c529c60168cca6f90c1313" + } + ] + }, + "description": "Deletes the specified saved search.\n" + }, + "response": [ + { + "id": "8e1470af-0c2e-4e0a-94e9-e1adfb6ed5e6", + "name": "No Content - Indicates the request was successful but there is no content to be returned in the response.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "7276999f-37e8-4238-bbbf-b165953d3e9d", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "229189b3-4f54-407a-b7fc-dd1d9a4a3b74", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "50c5658f-7a59-4851-a746-0048087aa6e6", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/saved-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Execute a saved search by ID", + "id": "32b805ae-efd6-494a-ad3e-4f8c2c1030d7", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"scheduleId\": \"7a724640-0c17-4ce9-a8c3-4a89738459c8\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id/execute", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id", + "execute" + ], + "variable": [ + { + "key": "id", + "value": "2c91808568c529c60168cca6f90c1313" + } + ] + }, + "description": "Executes the specified saved search.\n" + }, + "response": [ + { + "id": "63a16762-94dc-496f-ac1d-f91df6dda9f4", + "name": "Accepted - Returned if the request was successfully accepted into the system.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"scheduleId\": \"7a724640-0c17-4ce9-a8c3-4a89738459c8\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id/execute", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id", + "execute" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "88b2ddd7-7d83-4ba0-8f1c-b026d20c864e", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"scheduleId\": \"7a724640-0c17-4ce9-a8c3-4a89738459c8\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id/execute", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id", + "execute" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "839b4210-c7bf-4bd0-b4bf-dc1a4253756a", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"scheduleId\": \"7a724640-0c17-4ce9-a8c3-4a89738459c8\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id/execute", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id", + "execute" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "ad6ba199-81ce-408e-8e8d-8192af7bcf0f", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"scheduleId\": \"7a724640-0c17-4ce9-a8c3-4a89738459c8\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id/execute", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id", + "execute" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "3be46b81-706c-484b-a60d-00f069f55874", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"scheduleId\": \"7a724640-0c17-4ce9-a8c3-4a89738459c8\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id/execute", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id", + "execute" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "b58d3eb5-c365-4de6-a48a-c763bf92600f", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"scheduleId\": \"7a724640-0c17-4ce9-a8c3-4a89738459c8\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id/execute", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id", + "execute" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "c123a641-6c17-48d8-a6b7-646c2572b03e", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"scheduleId\": \"7a724640-0c17-4ce9-a8c3-4a89738459c8\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/saved-searches/:id/execute", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "saved-searches", + ":id", + "execute" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "47504750-b30c-4f43-a49d-c36ada88dcde", + "description": "Use this API to implement saved search functionality. \nWith saved search functionality in place, users can save search queries and then view those saved searches, as well as rerun them. \n\nSearch queries in IdentityNow can grow very long and specific, which can make reconstructing them difficult or tedious, so it can be especially helpful to save search queries. \nIt also opens the possibility to configure IdentityNow to run the saved queries on a schedule, which is essential to detecting user information and access changes throughout an organization's tenant and across all its sources. \nRefer to [Scheduled Search](https://developer.sailpoint.com/idn/api/v3/scheduled-search) for more information about running saved searches on a schedule. \n\nIn IdentityNow, users can save searches under a name, and then they can access that saved search and run it again when they want. \n\nRefer to [Managing Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html) for more information about saving searches and using them. \n" + }, + { + "name": "Scheduled Search", + "item": [ + { + "name": "Create a new scheduled search", + "id": "d92cd9f3-86c7-4232-baa9-280290ab66cb", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"savedSearchId\": \"9c620e13-cd33-4804-a13d-403bd7bcdbad\",\n \"schedule\": {\n \"type\": \"DAILY\",\n \"hours\": {\n \"type\": \"LIST\",\n \"values\": [\n \"9\"\n ]\n }\n },\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ] + }, + "description": "Creates a new scheduled search.\n" + }, + "response": [ + { + "id": "31449bb8-a2bc-456c-a26c-3d13f0613b80", + "name": "The persisted scheduled search.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"savedSearchId\": \"9c620e13-cd33-4804-a13d-403bd7bcdbad\",\n \"schedule\": {\n \"type\": \"DAILY\",\n \"hours\": {\n \"type\": \"LIST\",\n \"values\": [\n \"9\"\n ]\n }\n },\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ] + } + }, + "status": "Created", + "code": 201, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}" + }, + { + "id": "a9cd4cc7-3fab-4fe3-a516-62db15d5cacc", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"savedSearchId\": \"9c620e13-cd33-4804-a13d-403bd7bcdbad\",\n \"schedule\": {\n \"type\": \"DAILY\",\n \"hours\": {\n \"type\": \"LIST\",\n \"values\": [\n \"9\"\n ]\n }\n },\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "311db9a1-38a7-463b-ac1d-e1c94fb045af", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"savedSearchId\": \"9c620e13-cd33-4804-a13d-403bd7bcdbad\",\n \"schedule\": {\n \"type\": \"DAILY\",\n \"hours\": {\n \"type\": \"LIST\",\n \"values\": [\n \"9\"\n ]\n }\n },\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "672cb6e3-2e5b-4001-9898-f972eeb55e81", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"savedSearchId\": \"9c620e13-cd33-4804-a13d-403bd7bcdbad\",\n \"schedule\": {\n \"type\": \"DAILY\",\n \"hours\": {\n \"type\": \"LIST\",\n \"values\": [\n \"9\"\n ]\n }\n },\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "7c761add-11c5-4921-b8bb-7933df7658ac", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"savedSearchId\": \"9c620e13-cd33-4804-a13d-403bd7bcdbad\",\n \"schedule\": {\n \"type\": \"DAILY\",\n \"hours\": {\n \"type\": \"LIST\",\n \"values\": [\n \"9\"\n ]\n }\n },\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "eef7b37b-4505-4029-b46c-bc63b1a0f381", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"savedSearchId\": \"9c620e13-cd33-4804-a13d-403bd7bcdbad\",\n \"schedule\": {\n \"type\": \"DAILY\",\n \"hours\": {\n \"type\": \"LIST\",\n \"values\": [\n \"9\"\n ]\n }\n },\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "3bff6c5b-5d48-4c90-913e-8be664bdbe1d", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"savedSearchId\": \"9c620e13-cd33-4804-a13d-403bd7bcdbad\",\n \"schedule\": {\n \"type\": \"DAILY\",\n \"hours\": {\n \"type\": \"LIST\",\n \"values\": [\n \"9\"\n ]\n }\n },\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "List scheduled searches", + "id": "2921855d-9ab1-43c2-9354-5e984bdbca62", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches?offset=0&limit=250&count=true&filters=savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *savedSearchId*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns scheduled searches for the specified owner ID\n\n```savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns scheduled searches that reference the specified saved search\n\n```owner.id eq me or savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search\n", + "key": "filters", + "value": "savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"" + } + ] + }, + "description": "Returns a list of scheduled searches.\n" + }, + "response": [ + { + "id": "e04855d5-21d8-473a-b5c6-c9b312caab55", + "name": "The list of requested scheduled searches.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches?offset=0&limit=250&count=true&filters=savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *savedSearchId*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns scheduled searches for the specified owner ID\n\n```savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns scheduled searches that reference the specified saved search\n\n```owner.id eq me or savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search\n", + "key": "filters", + "value": "savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": { + "content": "The total result count (returned only if the *count* parameter is specified as *true*).", + "type": "text/plain" + }, + "key": "X-Total-Count", + "value": "5" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n },\n {\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n }\n]" + }, + { + "id": "581e76db-c915-4828-87da-a75b521e6d45", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches?offset=0&limit=250&count=true&filters=savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *savedSearchId*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns scheduled searches for the specified owner ID\n\n```savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns scheduled searches that reference the specified saved search\n\n```owner.id eq me or savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search\n", + "key": "filters", + "value": "savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "aeb1de21-adfe-44a9-bad7-52cbc6d0d28e", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches?offset=0&limit=250&count=true&filters=savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *savedSearchId*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns scheduled searches for the specified owner ID\n\n```savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns scheduled searches that reference the specified saved search\n\n```owner.id eq me or savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search\n", + "key": "filters", + "value": "savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "9774ae26-bcd2-43fa-a696-a2d5ecec17e6", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches?offset=0&limit=250&count=true&filters=savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *savedSearchId*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns scheduled searches for the specified owner ID\n\n```savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns scheduled searches that reference the specified saved search\n\n```owner.id eq me or savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search\n", + "key": "filters", + "value": "savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "f084c4bf-3975-4043-8280-71239bec8179", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches?offset=0&limit=250&count=true&filters=savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *savedSearchId*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns scheduled searches for the specified owner ID\n\n```savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns scheduled searches that reference the specified saved search\n\n```owner.id eq me or savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search\n", + "key": "filters", + "value": "savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "2eadb416-efc7-4e4e-bc3a-bffe392f678c", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches?offset=0&limit=250&count=true&filters=savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *savedSearchId*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns scheduled searches for the specified owner ID\n\n```savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns scheduled searches that reference the specified saved search\n\n```owner.id eq me or savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search\n", + "key": "filters", + "value": "savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "e833a271-a9e0-4db0-88d1-b718c27db32e", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches?offset=0&limit=250&count=true&filters=savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results).\n\nAllowed filter properties: *owner.id*, *savedSearchId*\n\nAllowed filter operator: *eq*\n\n**Example filters**:\n\n```owner.id eq \"0de46054-fe90-434a-b84e-c6b3359d0c64\"``` -- returns scheduled searches for the specified owner ID\n\n```savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns scheduled searches that reference the specified saved search\n\n```owner.id eq me or savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search\n", + "key": "filters", + "value": "savedSearchId eq \"6cc0945d-9eeb-4948-9033-72d066e1153e\"" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update an existing Scheduled Search", + "id": "486d2672-ff04-420d-8229-5ed8ac348b08", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c91808568c529c60168cca6f90c1313" + } + ] + }, + "description": "Updates an existing scheduled search.\n" + }, + "response": [ + { + "id": "af8b1551-d832-474b-a9a0-8ec021fcb72f", + "name": "The persisted scheduled search.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}" + }, + { + "id": "7171a919-9f2f-4d18-8b90-058e37d0742a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "290d1680-6bdd-4bbd-b4a5-e8165471005b", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "6bd4c91b-bbcf-4530-b311-6b571ce6f6ba", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "47d842f1-fef3-4c93-a5fb-75d0730fa2db", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "6bcc6c62-2a86-4068-bb69-8a4966d35015", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "27cca74e-b95e-41b8-b316-30b569bd8c76", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get a Scheduled Search", + "id": "a2a22c5e-2427-42ed-b8f9-8a2ceda35fbf", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c91808568c529c60168cca6f90c1313" + } + ] + }, + "description": "Returns the specified scheduled search." + }, + "response": [ + { + "id": "688ac740-8c91-47c5-99c5-6b9ad7fc37ed", + "name": "The requested scheduled search.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"0de46054-fe90-434a-b84e-c6b3359d0c64\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n \"ownerId\": \"2c9180867624cbd7017642d8c8c81f67\",\n \"recipients\": [\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n },\n {\n \"type\": \"IDENTITY\",\n \"id\": \"2c9180867624cbd7017642d8c8c81f67\"\n }\n ],\n \"savedSearchId\": \"554f1511-f0a1-4744-ab14-599514d3e57c\",\n \"schedule\": {\n \"type\": \"WEEKLY\",\n \"hours\": {\n \"type\": \"RANGE\",\n \"values\": [\n \"9\",\n \"18\"\n ],\n \"interval\": 3\n },\n \"days\": {\n \"type\": \"LIST\",\n \"values\": [\n \"MON\",\n \"WED\"\n ],\n \"interval\": 3\n },\n \"expiration\": \"2018-06-25T20:22:28.104Z\",\n \"timeZoneId\": \"GMT-06:00\"\n },\n \"name\": \"Daily disabled accounts\",\n \"description\": \"Daily disabled accounts\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": false,\n \"emailEmptyResults\": false,\n \"displayQueryDetails\": false\n}" + }, + { + "id": "2c3a068c-3a8f-417d-9946-cc9880f1b931", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "01c8e98b-beba-46e1-a58d-6e7c188e57c9", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "c5a6db69-0323-4be5-9f4e-aef6bbaf8b9e", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "e41befee-52ca-49eb-aabd-34c6d86103e7", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "30268cb0-3bfa-408e-a492-6d48b4c20b56", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "ac7a09ed-1b18-464b-86b0-36f56208097c", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete a Scheduled Search", + "id": "dfd12986-f25e-47b9-ab2a-d47b303b7fa1", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c91808568c529c60168cca6f90c1313" + } + ] + }, + "description": "Deletes the specified scheduled search.\n" + }, + "response": [ + { + "id": "b6eacdf7-edb1-4192-90da-accbf901179d", + "name": "No Content - Indicates the request was successful but there is no content to be returned in the response.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "41ee58db-0447-44ab-8f01-d6ac627865e4", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "f347214b-386b-4c01-b655-0b4d0e4d859c", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "ac5d1b34-249f-42e9-8d6e-8be5133c06e2", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "a0c2d918-ece9-406d-89b1-8fe8a582140f", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "c380ad9d-f468-47e7-81e9-0c817adcd1b5", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "31f12490-3715-4eb0-a4d9-93b1ab9faab3", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Unsubscribe a recipient from Scheduled Search", + "id": "b2998e41-edf6-48a0-9781-705744b646f0", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id/unsubscribe", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id", + "unsubscribe" + ], + "variable": [ + { + "key": "id", + "value": "2c91808568c529c60168cca6f90c1313" + } + ] + }, + "description": "Unsubscribes a recipient from the specified scheduled search.\n" + }, + "response": [ + { + "id": "fd70352e-2fe0-4bc1-8471-85071ec5aba0", + "name": "No Content - Indicates the request was successful but there is no content to be returned in the response.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id/unsubscribe", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id", + "unsubscribe" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "f97975ec-2c44-4293-bfc1-ce370686c6bd", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id/unsubscribe", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id", + "unsubscribe" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "38c41905-2623-4737-91ca-31c9ce66a6a1", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id/unsubscribe", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id", + "unsubscribe" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "efc4f419-76a3-4651-8ece-7dd31f80cbf7", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/scheduled-searches/:id/unsubscribe", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "scheduled-searches", + ":id", + "unsubscribe" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + } + ] + } + ], + "id": "ce3f0ec5-fc22-4ae6-8e8a-77ff98c5bcc2", + "description": "Use this API to implement scheduled search functionality. \nWith scheduled search functionality in place, users can run saved search queries on their tenants on a schedule, and IdentityNow emails them the search results. \nUsers can also share these search results with other users by email by adding those users as subscribers, or those users can subscribe themselves. \n\nOne of the greatest benefits of saving searches is the ability to run those searches on a schedule. \nThis is essential for organizations to constantly detect any changes to user information or access throughout their tenants and across all their sources. \nFor example, the manager Amanda Ross can schedule a saved search \"manager.name:amanda.ross AND attributes.location:austin\" on a schedule to regularly stay aware of changes with the Austin employees reporting to her.\nIdentityNow emails her the search results when the search runs, so she can work on other tasks instead of actively running this search.\n\nIn IdentityNow, scheduling a search involves a subscription. \nUsers can create a subscription for a saved search and schedule it to run daily, weekly, or monthly (you can only use one schedule option at a time). \nThe user can add other identities as subscribers so when the scheduled search runs, the subscribers and the user all receive emails. \n\nBy default, subscriptions exclude detailed results from the emails, for security purposes. \nIncluding detailed results about user access in an email may expose sensitive information.\nHowever, the subscription creator can choose to include the information in the emails. \n\nBy default, IdentityNow sends emails to the subscribers even when the searches do not return new results. \nHowever, the subscription creator can choose to suppress these empty emails. \n\nUsers can also subscribe to saved searches that already have existing subscriptions so they receive emails when the searches run. \nA saved search can have up to 10 subscriptions configured at a time. \n\nThe subscription creator can enable, disable, or delete the subscription. \n\nRefer to [Subscribing to Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html#subscribing-to-saved-searches) for more information about scheduling searches and subscribing to them.\n" + }, + { + "name": "Search", + "item": [ + { + "name": "Perform Search", + "id": "da6c96cb-39e3-4507-8b5d-97eef81795e2", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"\\\"John Doe\\\"\",\n \"fields\": [\n \"name\"\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + }, + "description": "Performs a search with the provided query and returns a matching result collection. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. " + }, + "response": [ + { + "id": "9e2148ca-fc7b-4682-9acf-abb0bf256cf8", + "name": "List of matching documents.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"\\\"John Doe\\\"\",\n \"fields\": [\n \"name\"\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": { + "content": "The total result count (returned only if the *count* parameter is specified as *true*).", + "type": "text/plain" + }, + "key": "X-Total-Count", + "value": "30" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c9180825a6c1adc015a71c9023f0818\",\n \"name\": \"Cloud Eng\",\n \"_type\": \"accessprofile\",\n \"description\": \"Cloud Eng\",\n \"created\": \"2017-02-24T20:21:23.145Z\",\n \"modified\": \"2019-05-24T20:36:04.312Z\",\n \"synced\": \"2020-02-18T05:30:20.414Z\",\n \"enabled\": true,\n \"requestable\": true,\n \"requestCommentsRequired\": false,\n \"owner\": {\n \"id\": \"ff8081815757d36a015757d42e56031e\",\n \"name\": \"SailPoint Support\",\n \"type\": \"IDENTITY\",\n \"email\": \"cloud-support@sailpoint.com\"\n },\n \"source\": {\n \"id\": \"ff8081815757d4fb0157588f3d9d008f\",\n \"name\": \"Employees\"\n },\n \"entitlements\": [\n {\n \"id\": \"2c918084575812550157589064f33b89\",\n \"name\": \"CN=Cloud Engineering,DC=sailpoint,DC=COM\",\n \"description\": \"mull\",\n \"attribute\": \"memberOf\",\n \"value\": \"CN=Cloud Engineering,DC=sailpoint,DC=COM\"\n }\n ],\n \"entitlementCount\": 1,\n \"tags\": [\n \"TAG_1\",\n \"TAG_2\"\n ]\n }\n]" + }, + { + "id": "f0bfc5f3-4e2c-48c3-8528-eaadefce5e54", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"\\\"John Doe\\\"\",\n \"fields\": [\n \"name\"\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "0b3ed965-194f-4439-bd84-23d881aadc96", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"\\\"John Doe\\\"\",\n \"fields\": [\n \"name\"\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0c99621f-b71d-4c3f-aaaf-5002fb67c84f", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"\\\"John Doe\\\"\",\n \"fields\": [\n \"name\"\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "77319963-97dd-4e8d-ba1c-50a3429f75f9", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"\\\"John Doe\\\"\",\n \"fields\": [\n \"name\"\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "e3dc805c-9488-4e56-858a-cd07cbc6cb15", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"\\\"John Doe\\\"\",\n \"fields\": [\n \"name\"\n ]\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Count Documents Satisfying a Query", + "id": "9817cf89-cdb5-458e-ade3-1c0ee2e3c126", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"created: [2022-05-19T19:26:03.351Z TO now]\",\n \"timeZone\": \"America/Los_Angeles\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/count", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "count" + ] + }, + "description": "Performs a search with a provided query and returns the count of results in the X-Total-Count header." + }, + "response": [ + { + "id": "585c510e-2ebf-450b-9d0e-8198324cdd05", + "name": "No content - indicates the request was successful but there is no content to be returned in the response.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"created: [2022-05-19T19:26:03.351Z TO now]\",\n \"timeZone\": \"America/Los_Angeles\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/count", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "count" + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [ + { + "description": { + "content": "The total result count.", + "type": "text/plain" + }, + "key": "X-Total-Count", + "value": "5" + } + ], + "cookie": [] + }, + { + "id": "e8f231fe-f4a9-48fb-8851-fb03f3e67f2a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"created: [2022-05-19T19:26:03.351Z TO now]\",\n \"timeZone\": \"America/Los_Angeles\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/count", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "count" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "07eb65f7-16df-49c6-aa02-3b0ed52bbfc3", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"created: [2022-05-19T19:26:03.351Z TO now]\",\n \"timeZone\": \"America/Los_Angeles\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/count", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "count" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "aa3c337b-7732-4b69-84a2-374269fc14ff", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"created: [2022-05-19T19:26:03.351Z TO now]\",\n \"timeZone\": \"America/Los_Angeles\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/count", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "count" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "2725e085-ce7f-449c-85c6-695e90b19488", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"created: [2022-05-19T19:26:03.351Z TO now]\",\n \"timeZone\": \"America/Los_Angeles\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/count", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "count" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "c0496cce-2d66-402c-bcae-62e370ea5661", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"query\": {\n \"query\": \"created: [2022-05-19T19:26:03.351Z TO now]\",\n \"timeZone\": \"America/Los_Angeles\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/count", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "count" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Perform a Search Query Aggregation", + "id": "7d183ae6-2b7c-481e-9d48-50e6374c8397", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"identities\"\n ],\n \"aggregationType\": \"SAILPOINT\",\n \"aggregations\": {\n \"metric\": {\n \"name\": \"How Many Locations\",\n \"type\": \"UNIQUE_COUNT\",\n \"field\": \"attributes.city\"\n }\n }\n}" + }, + "url": { + "raw": "{{baseUrl}}/search/aggregate?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "aggregate" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + }, + "description": "Performs a search query aggregation and returns the aggregation result. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. " + }, + "response": [ + { + "id": "f0443cde-06fd-4d04-8baa-2de03cc678b1", + "name": "Aggregation results.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"aggregations\"\n ],\n \"aggregationType\": \"SAILPOINT\",\n \"aggregations\": {\n \"metric\": {\n \"name\": \"How Many Locations\",\n \"type\": \"UNIQUE_COUNT\",\n \"field\": \"attributes.city\"\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/aggregate?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "aggregate" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": { + "content": "The total result count (returned only if the *count* parameter is specified as *true*).", + "type": "text/plain" + }, + "key": "X-Total-Count", + "value": "5" + } + ], + "cookie": [], + "body": "{\n \"aggregations\": {\n \"Identity Locations\": {\n \"buckets\": [\n {\n \"key\": \"Austin\",\n \"doc_count\": 109\n },\n {\n \"key\": \"London\",\n \"doc_count\": 64\n },\n {\n \"key\": \"San Jose\",\n \"doc_count\": 27\n },\n {\n \"key\": \"Brussels\",\n \"doc_count\": 26\n },\n {\n \"key\": \"Sao Paulo\",\n \"doc_count\": 24\n },\n {\n \"key\": \"Munich\",\n \"doc_count\": 23\n },\n {\n \"key\": \"Singapore\",\n \"doc_count\": 22\n },\n {\n \"key\": \"Tokyo\",\n \"doc_count\": 20\n },\n {\n \"key\": \"Taipei\",\n \"doc_count\": 16\n }\n ]\n }\n },\n \"hits\": [\n {\n \"id\": \"2c91808375d8e80a0175e1f88a575222\",\n \"name\": \"john.doe\",\n \"_type\": \"identity\",\n \"description\": \"The admin role\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"synced\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": true,\n \"requestable\": true,\n \"requestCommentsRequired\": false,\n \"owner\": {\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"John Doe\",\n \"type\": \"IDENTITY\",\n \"email\": \"john.doe@sailpoint.com\"\n },\n \"source\": {\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"John Doe\"\n },\n \"entitlements\": [\n {\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"John Doe\",\n \"description\": \"The admin privilege\",\n \"attribute\": \"admin\",\n \"value\": \"true\"\n },\n {\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"John Doe\",\n \"description\": \"The admin privilege\",\n \"attribute\": \"admin\",\n \"value\": \"true\"\n }\n ],\n \"entitlementCount\": 5,\n \"tags\": [\n \"TAG_1\",\n \"TAG_2\"\n ]\n },\n {\n \"id\": \"2c91808375d8e80a0175e1f88a575222\",\n \"name\": \"john.doe\",\n \"_type\": \"identity\",\n \"description\": \"The admin role\",\n \"created\": \"2018-06-25T20:22:28.104Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"synced\": \"2018-06-25T20:22:28.104Z\",\n \"enabled\": true,\n \"requestable\": true,\n \"requestCommentsRequired\": false,\n \"owner\": {\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"John Doe\",\n \"type\": \"IDENTITY\",\n \"email\": \"john.doe@sailpoint.com\"\n },\n \"source\": {\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"John Doe\"\n },\n \"entitlements\": [\n {\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"John Doe\",\n \"description\": \"The admin privilege\",\n \"attribute\": \"admin\",\n \"value\": \"true\"\n },\n {\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"John Doe\",\n \"description\": \"The admin privilege\",\n \"attribute\": \"admin\",\n \"value\": \"true\"\n }\n ],\n \"entitlementCount\": 5,\n \"tags\": [\n \"TAG_1\",\n \"TAG_2\"\n ]\n }\n ]\n}" + }, + { + "id": "3b08a985-e486-4d0b-9041-cf01aff60760", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"aggregations\"\n ],\n \"aggregationType\": \"SAILPOINT\",\n \"aggregations\": {\n \"metric\": {\n \"name\": \"How Many Locations\",\n \"type\": \"UNIQUE_COUNT\",\n \"field\": \"attributes.city\"\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/aggregate?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "aggregate" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "4faf8a92-f613-4922-b5be-35094f696a3c", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"aggregations\"\n ],\n \"aggregationType\": \"SAILPOINT\",\n \"aggregations\": {\n \"metric\": {\n \"name\": \"How Many Locations\",\n \"type\": \"UNIQUE_COUNT\",\n \"field\": \"attributes.city\"\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/aggregate?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "aggregate" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "8855ad42-fe47-4595-80f6-524a0fe9c8b3", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"aggregations\"\n ],\n \"aggregationType\": \"SAILPOINT\",\n \"aggregations\": {\n \"metric\": {\n \"name\": \"How Many Locations\",\n \"type\": \"UNIQUE_COUNT\",\n \"field\": \"attributes.city\"\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/aggregate?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "aggregate" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "08d22b55-dbdd-459f-9252-0464b593e387", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"aggregations\"\n ],\n \"aggregationType\": \"SAILPOINT\",\n \"aggregations\": {\n \"metric\": {\n \"name\": \"How Many Locations\",\n \"type\": \"UNIQUE_COUNT\",\n \"field\": \"attributes.city\"\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/aggregate?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "aggregate" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "631b11a2-815b-4d59-a611-11cbb5b3ad55", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"indices\": [\n \"aggregations\"\n ],\n \"aggregationType\": \"SAILPOINT\",\n \"aggregations\": {\n \"metric\": {\n \"name\": \"How Many Locations\",\n \"type\": \"UNIQUE_COUNT\",\n \"field\": \"attributes.city\"\n }\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/search/aggregate?offset=0&limit=250&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + "aggregate" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get a Document by ID", + "id": "1a06a3dc-86dd-494b-814f-5da43db51a0e", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/search/:index/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + ":index", + ":id" + ], + "variable": [ + { + "key": "index", + "value": "accounts" + }, + { + "key": "id", + "value": "2c91808568c529c60168cca6f90c1313" + } + ] + }, + "description": "Fetches a single document from the specified index, using the specified document ID." + }, + "response": [ + { + "id": "3bf281f0-8430-4452-a7e4-3d8e0203834c", + "name": "The requested document.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/search/:index/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + ":index", + ":id" + ], + "variable": [ + { + "key": "index" + }, + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180825a6c1adc015a71c9023f0818\",\n \"name\": \"Cloud Eng\",\n \"_type\": \"accessprofile\",\n \"description\": \"Cloud Eng\",\n \"created\": \"2017-02-24T20:21:23.145Z\",\n \"modified\": \"2019-05-24T20:36:04.312Z\",\n \"synced\": \"2020-02-18T05:30:20.414Z\",\n \"enabled\": true,\n \"requestable\": true,\n \"requestCommentsRequired\": false,\n \"owner\": {\n \"id\": \"ff8081815757d36a015757d42e56031e\",\n \"name\": \"SailPoint Support\",\n \"type\": \"IDENTITY\",\n \"email\": \"cloud-support@sailpoint.com\"\n },\n \"source\": {\n \"id\": \"ff8081815757d4fb0157588f3d9d008f\",\n \"name\": \"Employees\"\n },\n \"entitlements\": [\n {\n \"id\": \"2c918084575812550157589064f33b89\",\n \"name\": \"CN=Cloud Engineering,DC=sailpoint,DC=COM\",\n \"description\": \"mull\",\n \"attribute\": \"memberOf\",\n \"value\": \"CN=Cloud Engineering,DC=sailpoint,DC=COM\"\n }\n ],\n \"entitlementCount\": 1,\n \"tags\": [\n \"TAG_1\",\n \"TAG_2\"\n ]\n}" + }, + { + "id": "7723f051-645f-420a-9720-f065427d4635", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/search/:index/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + ":index", + ":id" + ], + "variable": [ + { + "key": "index" + }, + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "eb6ee4c7-7b97-469f-b813-79e9d46e1c8c", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/search/:index/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + ":index", + ":id" + ], + "variable": [ + { + "key": "index" + }, + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "3e323607-d4eb-4e38-ae21-fa30a22d5775", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/search/:index/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + ":index", + ":id" + ], + "variable": [ + { + "key": "index" + }, + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "7bbfda54-974c-452f-91fe-0dc1453fa446", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/search/:index/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + ":index", + ":id" + ], + "variable": [ + { + "key": "index" + }, + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "27266fd0-05da-47d1-89ba-cdb0b89a6f3c", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/search/:index/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + ":index", + ":id" + ], + "variable": [ + { + "key": "index" + }, + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f8449d17-bbfe-4933-9107-0205d8eceaa5", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/search/:index/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "search", + ":index", + ":id" + ], + "variable": [ + { + "key": "index" + }, + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "d69efceb-4858-4e53-a7ec-8a35085d4dbf", + "description": "Use this API to implement search functionality. \nWith search functionality in place, users can search their tenants for nearly any information from throughout their organizations. \n\nIdentityNow enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential. \nIts search goes through all those sources and finds the results quickly and specifically. \n\nThe search query is flexible - it can be very broad or very narrow. \nThe search only returns results for searchable objects it is filtering for. \nThe following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities. \nBy default, no filter is applied, so a search for \"Ad\" returns both the identity \"Adam.Archer\" as well as the role \"Administrator.\"\n\nUsers can further narrow their results by using IdentityNow's specific syntax and punctuation to structure their queries. \nFor example, the query \"attributes.location:austin AND NOT manager.name:amanda.ross\" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross.\nRefer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries. \n\nRefer to [Using Search](https://documentation.sailpoint.com/saas/help/search/index.html) for more information about IdentityNow's search and its different possibilities. \n\nThe search feature uses Elasticsearch as a datastore and query engine. \nThe power of Elasticsearch makes this feature suitable for ad-hoc reporting.\nHowever, data from the operational databases (ex. identities, roles, events, etc) has to be ingested into Elasticsearch. \nThis ingestion process introduces a latency from when the operational data is created to when it is available in search. \nDepending on the system load, this can take a few seconds to a few minutes. \nPlease keep this latency in mind when you use search. \n" + }, + { + "name": "Service Desk Integration", + "item": [ + { + "name": "List existing Service Desk Integrations", + "id": "6ef20938-5a88-4fba-ae42-dbae61ee9b15", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations?offset=0&limit=250&sorters=name&filters=name eq \"John Doe\"&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq*\n\n**type**: *eq, in*\n\n**cluster**: *eq, in*", + "key": "filters", + "value": "name eq \"John Doe\"" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + }, + "description": "Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint." + }, + "response": [ + { + "id": "0d07ddbb-8e57-41ab-ba5f-33f272ca011f", + "name": "List of ServiceDeskIntegrationDto", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations?offset=0&limit=250&sorters=name&filters=name eq \"John Doe\"&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq*\n\n**type**: *eq, in*\n\n**cluster**: *eq, in*", + "key": "filters", + "value": "name eq \"John Doe\"" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n },\n {\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n }\n]" + }, + { + "id": "01a38ce1-f80b-417b-a819-c67b4a284acf", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations?offset=0&limit=250&sorters=name&filters=name eq \"John Doe\"&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq*\n\n**type**: *eq, in*\n\n**cluster**: *eq, in*", + "key": "filters", + "value": "name eq \"John Doe\"" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "27853d05-10f0-4c3b-aac7-f8814784bc56", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations?offset=0&limit=250&sorters=name&filters=name eq \"John Doe\"&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq*\n\n**type**: *eq, in*\n\n**cluster**: *eq, in*", + "key": "filters", + "value": "name eq \"John Doe\"" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "8d28603f-b0ff-4fcc-99e8-7f41579dada9", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations?offset=0&limit=250&sorters=name&filters=name eq \"John Doe\"&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq*\n\n**type**: *eq, in*\n\n**cluster**: *eq, in*", + "key": "filters", + "value": "name eq \"John Doe\"" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "f709f1cb-3b96-42e8-b03a-ea48fb1e1a05", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations?offset=0&limit=250&sorters=name&filters=name eq \"John Doe\"&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq*\n\n**type**: *eq, in*\n\n**cluster**: *eq, in*", + "key": "filters", + "value": "name eq \"John Doe\"" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "0504660c-46d7-4011-b7c0-55c30f9c0edf", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations?offset=0&limit=250&sorters=name&filters=name eq \"John Doe\"&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq*\n\n**type**: *eq, in*\n\n**cluster**: *eq, in*", + "key": "filters", + "value": "name eq \"John Doe\"" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "8596fa99-7f2b-4205-9434-1e51892084e9", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations?offset=0&limit=250&sorters=name&filters=name eq \"John Doe\"&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **name**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *eq*\n\n**type**: *eq, in*\n\n**cluster**: *eq, in*", + "key": "filters", + "value": "name eq \"John Doe\"" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create a new Service Desk integration", + "id": "3691de86-21b4-4bd7-8c8d-6cb325f13cce", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ] + }, + "description": "Create a new Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint." + }, + "response": [ + { + "id": "8c6a2a84-151c-4fc2-87d0-fd5f9d5170c5", + "name": "details of the created integration", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}" + }, + { + "id": "fceabdaf-70fd-46d2-bdac-3d2cbfdc576e", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "ba6a36aa-f06c-4299-8e99-ef8c297b9f3a", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "442ec459-3ce8-4eca-9dce-9016f242ef45", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "d2ecc7c2-1ee2-4500-b645-2b5c500af859", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "5b4d7d07-4ed9-4c5b-bf92-a2d7457c1145", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f72ef92e-4c6c-479b-b2a4-9f2c350183ae", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get a Service Desk integration by ID", + "id": "26eb4566-944d-4c33-8ee9-a6d8b0321521", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "anId" + } + ] + }, + "description": "Get an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint." + }, + "response": [ + { + "id": "bfd1c843-a48b-430e-84c6-607d556b0a03", + "name": "ServiceDeskIntegrationDto with the given ID", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}" + }, + { + "id": "08ca9613-29ad-4f7f-bac3-1c7c94115671", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "62eb32e7-d503-42fb-8be8-1456f4076818", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "f0f20120-95b2-4282-bab8-b38da124035c", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "a669bed2-74a4-46d6-80c1-c6b838601d8c", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "35deabb7-148a-408b-8ad1-c2b10f4b1f96", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "c50ea596-e6b4-4875-b7b0-68ef9861cbf9", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update a Service Desk integration by ID", + "id": "7a03ba49-34a5-44c7-84da-0f85ee6174e0", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "anId" + } + ] + }, + "description": "Update an existing Service Desk integration by ID with updated value in JSON form as the request body. A token with Org Admin or Service Desk Admin authority is required to access this endpoint." + }, + "response": [ + { + "id": "f3f80dab-6fd7-4dcd-897c-c2fe73c033f7", + "name": "ServiceDeskIntegrationDto as updated", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}" + }, + { + "id": "ed320daf-0caa-41db-936c-bbfc69cee13a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "580bee43-b9de-4d4f-b65f-4668a39c1b18", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "222e41c3-83c6-4e98-a425-f5ef88de6ab6", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "d900f8bf-cfa5-4f84-b125-239aaf2cd7e0", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "601f09c2-aebe-475d-8241-8e290e9bdaf9", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "df7de7f0-8c3f-42d8-aea0-936f6d850bd3", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete a Service Desk integration by ID", + "id": "35e59e35-3b71-4952-97e8-08357f19b6bc", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "anId" + } + ] + }, + "description": "Delete an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint." + }, + "response": [ + { + "id": "f9391450-6577-4e7a-8e99-3f825ea54a46", + "name": "Service Desk integration with the given ID successfully deleted", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "eb2f0887-40d9-4fed-a14d-22def30045fe", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "ee0a5103-734c-4846-87e9-7135a723719e", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "99e86b94-3d3c-4e93-b331-ac6be4ef48e8", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "834c4e02-8b93-48d9-9ae9-91ad6efa4f99", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "3d4bfd13-0c7f-4c6b-b15c-88a3d3e7b9e0", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "691bd06f-de01-46b4-abe7-9d98ce8122a4", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Service Desk Integration Update - PATCH", + "id": "74f01641-bb7c-479d-9faa-1f2e93717f2a", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"operations\": [\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"velit\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"commodo\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "anId" + } + ] + }, + "description": "Update an existing ServiceDeskIntegration by ID with a PATCH request." + }, + "response": [ + { + "id": "b95b0b33-596b-450b-90f6-ec252768c89e", + "name": "ServiceDeskIntegrationDto as updated", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"operations\": [\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"velit\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"commodo\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"description\": \"A very nice Service Desk integration\",\n \"name\": \"aName\",\n \"type\": \"ServiceNowSDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\",\n \"ownerRef\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"clusterRef\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"cluster\": \"xyzzy999\",\n \"managedSources\": [\n \"2c9180835d191a86015d28455b4a2329\",\n \"2c5680835d191a85765d28455b4a9823\"\n ],\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c91808568c529c60168cca6f90c1333\",\n \"name\": \"Example Rule\"\n }\n}" + }, + { + "id": "1f4f8772-e26c-4e72-8bce-c903c6ce74a9", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"operations\": [\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"velit\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"commodo\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "8a37e68a-eecf-4e7d-be09-39b4fd217572", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"operations\": [\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"velit\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"commodo\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "aa4ec7d2-8c5a-442f-9196-7f21e44e13d4", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"operations\": [\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"velit\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"commodo\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "6b62584a-cc1b-49e9-ae3d-e1c9be3fec8b", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"operations\": [\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"velit\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"commodo\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "a4b6419a-9846-44ee-b191-d28dd23d226c", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"operations\": [\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"velit\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"commodo\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "3f147bea-efec-4b38-9094-b90d68114d2b", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"operations\": [\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"velit\"\n },\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"commodo\"\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Service Desk Integration Types List.", + "id": "2962b9c5-01fc-4162-93ea-6a8df552e1e3", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/types", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "types" + ] + }, + "description": "This API endpoint returns the current list of supported Service Desk integration types. A token with Org Admin or Service Desk Admin authority is required to access this endpoint." + }, + "response": [ + { + "id": "2cd1d791-93ab-4f08-b2b4-227f44e01f0f", + "name": "Responds with an array of the currently supported Service Desk integration types.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/types", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "types" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"type\": \"aType\",\n \"scriptName\": \"aScriptName\",\n \"name\": \"aName\"\n },\n {\n \"type\": \"aType\",\n \"scriptName\": \"aScriptName\",\n \"name\": \"aName\"\n }\n]" + }, + { + "id": "1e424554-30f0-428f-9b34-50d000e7b00f", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/types", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "types" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "47d6af2e-207d-48db-a73f-f944003f7864", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/types", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "types" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "91dbf255-7a06-46a2-aee5-d50f00ec0322", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/types", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "types" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "5793a774-33b2-4f19-a471-deb13d859365", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/types", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "types" + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "5efd7e7b-cf81-40fb-b1d8-96a1ae357fc1", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/types", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "types" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "22218c15-7d04-4657-a3a3-26e81f6b6729", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/types", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "types" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Service Desk integration template by scriptName.", + "id": "9622ff76-b185-4701-878a-b39e81405f5a", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/templates/:scriptName", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "templates", + ":scriptName" + ], + "variable": [ + { + "key": "scriptName", + "value": "aScriptName" + } + ] + }, + "description": "This API endpoint returns an existing Service Desk integration template by scriptName. A token with Org Admin or Service Desk Admin authority is required to access this endpoint." + }, + "response": [ + { + "id": "dac274f6-b65e-43db-b699-865abb65f165", + "name": "Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/templates/:scriptName", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "templates", + ":scriptName" + ], + "variable": [ + { + "key": "scriptName" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"attributes\": {\n \"property\": \"value\",\n \"key\": \"value\"\n },\n \"name\": \"aName\",\n \"provisioningConfig\": {\n \"universalManager\": true,\n \"managedResourceRefs\": [\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 1\"\n },\n {\n \"type\": \"SOURCE\",\n \"name\": \"My Source 2\"\n }\n ],\n \"planInitializerScript\": {\n \"source\": \"\\\\r\\\\n\\\\r\\\\n\\\\r\\\\n Before Provisioning Rule which changes disables and enables to a modify.\\\\r\\\\n \\n\"\n }\n },\n \"type\": \"Web Service SDIM\",\n \"id\": \"id12345\",\n \"created\": \"2015-05-28T14:07:17Z\",\n \"modified\": \"2015-05-28T14:07:17Z\"\n}" + }, + { + "id": "bdb67313-772d-4166-b897-190b7940e935", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/templates/:scriptName", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "templates", + ":scriptName" + ], + "variable": [ + { + "key": "scriptName" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5f071031-9030-472d-92ee-89c2ed15a5dc", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/templates/:scriptName", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "templates", + ":scriptName" + ], + "variable": [ + { + "key": "scriptName" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0ca479c2-bdfb-43be-9c50-8c3bb0099cb5", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/templates/:scriptName", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "templates", + ":scriptName" + ], + "variable": [ + { + "key": "scriptName" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "c5b3ca0a-4412-4682-ab69-984931ac1c61", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/templates/:scriptName", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "templates", + ":scriptName" + ], + "variable": [ + { + "key": "scriptName" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "2ce8b93c-ab19-43d7-b08d-a2f845c4c413", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/templates/:scriptName", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "templates", + ":scriptName" + ], + "variable": [ + { + "key": "scriptName" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "81b248a9-f997-4b5d-a3d8-1fbbf0c5b925", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/templates/:scriptName", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "templates", + ":scriptName" + ], + "variable": [ + { + "key": "scriptName" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get the time check configuration of queued SDIM tickets", + "id": "c83c4e90-1f52-476c-a6da-50fd3b54a381", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + }, + "description": "Get the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint." + }, + "response": [ + { + "id": "6a4d38e4-35e2-42fb-be2e-7cf1364a1d59", + "name": "QueuedCheckConfigDetails containing the configured values", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"provisioningStatusCheckIntervalMinutes\": \"30\",\n \"provisioningMaxStatusCheckDays\": \"2\"\n}" + }, + { + "id": "b321ec6e-da2d-4c09-b775-bcdb4e79c5cc", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "048ccbe1-9d3e-40e3-bb39-738f7217684d", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "edb0579f-b40f-48cf-a73c-d0b6a5decc1f", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "bd061073-9dcf-4c99-b86e-6e9ca76448bd", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "f03bbe76-7c87-4659-9af9-55f5093f4ab1", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "971336ec-4f20-4fde-88f6-75ab49adbc59", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update the time check configuration of queued SDIM tickets", + "id": "635aaf79-3dfe-48dd-a6d6-3846cd7318fd", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"provisioningStatusCheckIntervalMinutes\": \"30\",\n \"provisioningMaxStatusCheckDays\": \"2\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + }, + "description": "Update the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint." + }, + "response": [ + { + "id": "1b06e6f5-93de-4c28-9a30-f74ac60d2ec2", + "name": "QueuedCheckConfigDetails as updated", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"provisioningStatusCheckIntervalMinutes\": \"30\",\n \"provisioningMaxStatusCheckDays\": \"2\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"provisioningStatusCheckIntervalMinutes\": \"30\",\n \"provisioningMaxStatusCheckDays\": \"2\"\n}" + }, + { + "id": "6e82c504-5076-45b2-a9af-2a49ac69c869", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"provisioningStatusCheckIntervalMinutes\": \"30\",\n \"provisioningMaxStatusCheckDays\": \"2\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "809555cf-650c-4e2e-a35f-a5e2bc00c020", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"provisioningStatusCheckIntervalMinutes\": \"30\",\n \"provisioningMaxStatusCheckDays\": \"2\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "48b460e3-5668-438a-ac19-bd8998aedd00", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"provisioningStatusCheckIntervalMinutes\": \"30\",\n \"provisioningMaxStatusCheckDays\": \"2\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "1c48092e-a703-4ce4-a7cd-3337b4ab1651", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"provisioningStatusCheckIntervalMinutes\": \"30\",\n \"provisioningMaxStatusCheckDays\": \"2\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "586385e2-8062-4636-8a68-35d0a10d1b8d", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"provisioningStatusCheckIntervalMinutes\": \"30\",\n \"provisioningMaxStatusCheckDays\": \"2\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "aed2589e-4f5e-4088-a661-b805d82e83cb", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"provisioningStatusCheckIntervalMinutes\": \"30\",\n \"provisioningMaxStatusCheckDays\": \"2\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/service-desk-integrations/status-check-configuration", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "service-desk-integrations", + "status-check-configuration" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "42194609-dbd9-42e4-bacf-166b414d54c9", + "description": "Use this API to build an integration between IdentityNow and a service desk ITSM (IT service management) solution. \nOnce an administrator builds this integration between IdentityNow and a service desk, users can use IdentityNow to raise and track tickets that are synchronized between IdentityNow and the service desk. \n\nIn IdentityNow, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.'\n\nTo create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page. \nRefer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in IdentityNow.\n\nAdministrators can create various service desk integrations, all with their own nuances. \nThe following service desk integrations are available: \n\n- [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html)\n\n- [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html)\n\n- [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html)\n\n- [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html)\n\n- [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html)\n\n- [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html)\n\n- [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html) \n" + }, + { + "name": "Sources", + "item": [ + { + "name": "Lists all sources in IdentityNow.", + "id": "7690b389-ee7c-42f9-a6bd-b2b38fd5ac96", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/sources?limit=250&offset=0&count=true&filters=name eq \"%23Employees\"&sorters=name&for-subadmin=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *co, eq, in, sw*\n\n**type**: *eq, in*\n\n**owner.id**: *eq, in*\n\n**features**: *ca, co*\n\n**created**: *eq*\n\n**modified**: *eq*\n\n**managementWorkgroup.id**: *eq*\n\n**description**: *eq*\n\n**authoritative**: *eq*\n\n**healthy**: *eq*\n\n**status**: *eq, in*\n\n**connectionType**: *eq*\n\n**connectorName**: *eq*", + "key": "filters", + "value": "name eq \"#Employees\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.\nSubadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.", + "key": "for-subadmin", + "value": "name" + } + ] + }, + "description": "This end-point lists all the sources in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or ROLE_SUBADMIN authority is required to call this API." + }, + "response": [ + { + "id": "8240f428-4cce-485f-b707-50524e950f3d", + "name": "List of Source objects", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources?limit=250&offset=0&count=true&filters=name eq \"%23Employees\"&sorters=name&for-subadmin=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *co, eq, in, sw*\n\n**type**: *eq, in*\n\n**owner.id**: *eq, in*\n\n**features**: *ca, co*\n\n**created**: *eq*\n\n**modified**: *eq*\n\n**managementWorkgroup.id**: *eq*\n\n**description**: *eq*\n\n**authoritative**: *eq*\n\n**healthy**: *eq*\n\n**status**: *eq, in*\n\n**connectionType**: *eq*\n\n**connectorName**: *eq*", + "key": "filters", + "value": "name eq \"#Employees\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.\nSubadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.", + "key": "for-subadmin", + "value": "name" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n },\n {\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n }\n]" + }, + { + "id": "ed161e9d-5ce7-4143-8224-cd84a20cd99b", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources?limit=250&offset=0&count=true&filters=name eq \"%23Employees\"&sorters=name&for-subadmin=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *co, eq, in, sw*\n\n**type**: *eq, in*\n\n**owner.id**: *eq, in*\n\n**features**: *ca, co*\n\n**created**: *eq*\n\n**modified**: *eq*\n\n**managementWorkgroup.id**: *eq*\n\n**description**: *eq*\n\n**authoritative**: *eq*\n\n**healthy**: *eq*\n\n**status**: *eq, in*\n\n**connectionType**: *eq*\n\n**connectorName**: *eq*", + "key": "filters", + "value": "name eq \"#Employees\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.\nSubadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.", + "key": "for-subadmin", + "value": "name" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "dd47b176-8a5f-4bef-88ec-eedc93ee7b74", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources?limit=250&offset=0&count=true&filters=name eq \"%23Employees\"&sorters=name&for-subadmin=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *co, eq, in, sw*\n\n**type**: *eq, in*\n\n**owner.id**: *eq, in*\n\n**features**: *ca, co*\n\n**created**: *eq*\n\n**modified**: *eq*\n\n**managementWorkgroup.id**: *eq*\n\n**description**: *eq*\n\n**authoritative**: *eq*\n\n**healthy**: *eq*\n\n**status**: *eq, in*\n\n**connectionType**: *eq*\n\n**connectorName**: *eq*", + "key": "filters", + "value": "name eq \"#Employees\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.\nSubadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.", + "key": "for-subadmin", + "value": "name" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "ded61d1a-b9ec-481e-8ac7-06496accda4c", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources?limit=250&offset=0&count=true&filters=name eq \"%23Employees\"&sorters=name&for-subadmin=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *co, eq, in, sw*\n\n**type**: *eq, in*\n\n**owner.id**: *eq, in*\n\n**features**: *ca, co*\n\n**created**: *eq*\n\n**modified**: *eq*\n\n**managementWorkgroup.id**: *eq*\n\n**description**: *eq*\n\n**authoritative**: *eq*\n\n**healthy**: *eq*\n\n**status**: *eq, in*\n\n**connectionType**: *eq*\n\n**connectorName**: *eq*", + "key": "filters", + "value": "name eq \"#Employees\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.\nSubadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.", + "key": "for-subadmin", + "value": "name" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "4a0f7c44-9e4e-48e5-9e67-f4141b1124f7", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources?limit=250&offset=0&count=true&filters=name eq \"%23Employees\"&sorters=name&for-subadmin=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *co, eq, in, sw*\n\n**type**: *eq, in*\n\n**owner.id**: *eq, in*\n\n**features**: *ca, co*\n\n**created**: *eq*\n\n**modified**: *eq*\n\n**managementWorkgroup.id**: *eq*\n\n**description**: *eq*\n\n**authoritative**: *eq*\n\n**healthy**: *eq*\n\n**status**: *eq, in*\n\n**connectionType**: *eq*\n\n**connectorName**: *eq*", + "key": "filters", + "value": "name eq \"#Employees\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.\nSubadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.", + "key": "for-subadmin", + "value": "name" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "6b0ed92b-0d1d-4711-9dd8-c49b793d1d40", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources?limit=250&offset=0&count=true&filters=name eq \"%23Employees\"&sorters=name&for-subadmin=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *co, eq, in, sw*\n\n**type**: *eq, in*\n\n**owner.id**: *eq, in*\n\n**features**: *ca, co*\n\n**created**: *eq*\n\n**modified**: *eq*\n\n**managementWorkgroup.id**: *eq*\n\n**description**: *eq*\n\n**authoritative**: *eq*\n\n**healthy**: *eq*\n\n**status**: *eq, in*\n\n**connectionType**: *eq*\n\n**connectorName**: *eq*", + "key": "filters", + "value": "name eq \"#Employees\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.\nSubadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.", + "key": "for-subadmin", + "value": "name" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "9a104184-9384-4475-8cb6-5da10b42ef51", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources?limit=250&offset=0&count=true&filters=name eq \"%23Employees\"&sorters=name&for-subadmin=name", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\n\nFiltering is supported for the following fields and operators:\n\n**id**: *eq, in*\n\n**name**: *co, eq, in, sw*\n\n**type**: *eq, in*\n\n**owner.id**: *eq, in*\n\n**features**: *ca, co*\n\n**created**: *eq*\n\n**modified**: *eq*\n\n**managementWorkgroup.id**: *eq*\n\n**description**: *eq*\n\n**authoritative**: *eq*\n\n**healthy**: *eq*\n\n**status**: *eq, in*\n\n**connectionType**: *eq*\n\n**connectorName**: *eq*", + "key": "filters", + "value": "name eq \"#Employees\"" + }, + { + "description": "Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)\n\nSorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status**", + "key": "sorters", + "value": "name" + }, + { + "description": "Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user.\nSubadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned.", + "key": "for-subadmin", + "value": "name" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Creates a source in IdentityNow.", + "id": "e044e111-0494-461d-ac81-b793bedb2572", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources?provisionAsCsv=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Configures the source as a DelimitedFile type of source.", + "key": "provisionAsCsv", + "value": "false" + } + ] + }, + "description": "This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API." + }, + "response": [ + { + "id": "0fb894d2-28e0-4ec1-80b9-e42bf5add429", + "name": "Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources?provisionAsCsv=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Configures the source as a DelimitedFile type of source.", + "key": "provisionAsCsv", + "value": "false" + } + ] + } + }, + "status": "Created", + "code": 201, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}" + }, + { + "id": "653d9832-c8b1-4763-9a66-35f49585966d", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources?provisionAsCsv=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Configures the source as a DelimitedFile type of source.", + "key": "provisionAsCsv", + "value": "false" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "3acb7aa7-c1fc-4c7f-a45b-2d3be0aaf78a", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources?provisionAsCsv=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Configures the source as a DelimitedFile type of source.", + "key": "provisionAsCsv", + "value": "false" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "5d726764-f234-475b-bfbe-48d38ee04a7a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources?provisionAsCsv=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Configures the source as a DelimitedFile type of source.", + "key": "provisionAsCsv", + "value": "false" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "87fc0f78-5dcc-4b6e-a971-0e33b2291386", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources?provisionAsCsv=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Configures the source as a DelimitedFile type of source.", + "key": "provisionAsCsv", + "value": "false" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "9271fd65-0978-445d-afa8-f27db84cb8c6", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources?provisionAsCsv=false", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources" + ], + "query": [ + { + "description": "Configures the source as a DelimitedFile type of source.", + "key": "provisionAsCsv", + "value": "false" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get Source by ID", + "id": "8049c53e-681b-48be-97a2-6f08dc520fa5", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This end-point gets a specific source in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API." + }, + "response": [ + { + "id": "7ffcd2fb-5db9-4b2c-93c5-ec3686df2349", + "name": "A Source object", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}" + }, + { + "id": "8026becb-2953-4c53-841e-56c450a480f0", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "0a3dd5b2-319b-43c2-a55f-9191330d7d6b", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "be2637a8-04c3-4626-8ad9-cf0fe50f9504", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "4dbc6655-a6fb-4208-b1a8-6b22434f4933", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "67bf7daf-6ce2-4cb7-93b7-631459c76059", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "22da1a82-e24d-4c31-9f44-9545e50c1480", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update Source (Full)", + "id": "be58698b-9cfb-407f-b34f-d420a0803259", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This API updates a source in IdentityNow, using a full object representation. In other words, the existing Source\nconfiguration is completely replaced.\n\nSome fields are immutable and cannot be changed, such as:\n\n* id\n* type\n* authoritative\n* connector\n* connectorClass\n* passwordPolicies\n\nAttempts to modify these fields will result in a 400 error.\n\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.\n" + }, + "response": [ + { + "id": "f1948653-fa39-4a46-9cae-c42e8d322d4d", + "name": "Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}" + }, + { + "id": "4dab3c88-92c7-47ce-b8ef-baf73453f1a3", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "6e32ccdb-2ad6-4dcd-a730-adb0e02eb07f", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "11fd2f1e-6ce0-4ef4-855e-c74ee02d6dbd", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "ee7956a5-9c33-4f08-8663-02dc31b9406f", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "2e241042-4b79-4189-bf97-db90590c3a1e", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "88ebd870-8a91-4468-95dc-2deafea7535b", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update Source (Partial)", + "id": "9d65878d-8d60-4ede-a269-27082d189c42", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"new description\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This API partially updates a source in IdentityNow, using a list of patch operations according to the\n[JSON Patch](https://tools.ietf.org/html/rfc6902) standard.\n\nSome fields are immutable and cannot be changed, such as:\n\n* id\n* type\n* authoritative\n* created\n* modified\n* connector\n* connectorClass\n* passwordPolicies\n\nAttempts to modify these fields will result in a 400 error.\n\nA token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or API authority is required to call this API.\n" + }, + "response": [ + { + "id": "09e3a649-c91e-471b-89be-cca09d643c58", + "name": "Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"new description\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}" + }, + { + "id": "19f38ebd-fead-430e-9121-d8a2ea483bad", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"new description\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "095acf9e-8bc4-44b6-8815-b6e9c07fa5cc", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"new description\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "dc46ea54-7af3-40a2-8e7d-fa59f44645ec", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"new description\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "caf91dde-4830-4701-9c35-c7e69599fed6", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"new description\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "bebf21c5-f52d-4bb1-bd4a-07ec10b8907b", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"new description\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "bb79dab5-b0f0-47dc-8235-7bce64a92a18", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"replace\",\n \"path\": \"/description\",\n \"value\": \"new description\"\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Source by ID", + "id": "91dbcb62-6516-4803-9f06-e98377d4370c", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This end-point deletes a specific source in IdentityNow.\nA token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API.\nAll of accounts on the source will be removed first, then the source will be deleted. Actual status of task execution can be retrieved via method GET `/task-status/{id}`" + }, + "response": [ + { + "id": "deb21205-8169-4aaf-b5e7-eef4fc483c76", + "name": "Accepted - Returned if the request was successfully accepted into the system.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Accepted", + "code": 202, + "_postman_previewlanguage": "Text", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"type\": \"TASK_RESULT\",\n \"id\": \"2c91808779ecf55b0179f720942f181a\",\n \"name\": \"n\"\n}" + }, + { + "id": "b6ad9885-cab6-4707-b792-82469553cec7", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "12944f45-2b8c-4e99-8fc7-5399c01298a4", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "f90a43c9-202d-461c-9c8b-84059cbdb62e", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "3e7284e3-f441-4e04-b724-fab734c9baa2", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "ce02289d-4209-4ada-bb57-b04a4245a099", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "56ed4b35-00da-4661-9db6-692804604df5", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Lists ProvisioningPolicies", + "id": "c2bc87de-b9b8-4b13-a895-80cbcbe4ded1", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This end-point lists all the ProvisioningPolicies in IdentityNow.\nA token with API, or ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "7543fd01-3568-4db2-9caf-f4e06939cf0c", + "name": "List of ProvisioningPolicyDto objects", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n },\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n }\n]" + }, + { + "id": "775210a5-07db-4382-ab13-5510051df3dd", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "aec0c6a0-54cb-4e95-94ed-825271849328", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "05004c64-7699-492b-ae89-6bc71c2b336d", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "dd6f7da1-da74-4e5d-9bce-3fc140376ce8", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "48981544-61b2-49cf-9449-c98941bce701", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "7ca03ba4-f19f-448e-bf31-15533a8924a2", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create Provisioning Policy", + "id": "76f0a7d2-50cd-4822-8b79-a76297dbc71b", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Account\",\n \"description\": \"Account Provisioning Policy\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"displayName\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"displayName\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"distinguishedName\",\n \"transform\": {\n \"type\": \"usernameGenerator\",\n \"attributes\": {\n \"sourceCheck\": true,\n \"patterns\": [\n \"CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\"\n ],\n \"fn\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"ln\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"lastname\"\n }\n },\n \"fi\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 1\n }\n },\n \"fti\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 2\n }\n }\n }\n },\n \"attributes\": {\n \"cloudMaxUniqueChecks\": \"5\",\n \"cloudMaxSize\": \"100\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"description\",\n \"transform\": {\n \"type\": \"static\",\n \"attributes\": {\n \"value\": \"\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types.\nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "9b3cf7bc-5461-40f2-b2d4-49ca4c4cf17c", + "name": "Created ProvisioningPolicyDto object", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Account\",\n \"description\": \"Account Provisioning Policy\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"displayName\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"displayName\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"distinguishedName\",\n \"transform\": {\n \"type\": \"usernameGenerator\",\n \"attributes\": {\n \"sourceCheck\": true,\n \"patterns\": [\n \"CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\"\n ],\n \"fn\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"ln\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"lastname\"\n }\n },\n \"fi\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 1\n }\n },\n \"fti\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 2\n }\n }\n }\n },\n \"attributes\": {\n \"cloudMaxUniqueChecks\": \"5\",\n \"cloudMaxSize\": \"100\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"description\",\n \"transform\": {\n \"type\": \"static\",\n \"attributes\": {\n \"value\": \"\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Created", + "code": 201, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}" + }, + { + "id": "cecf987d-a69a-429e-8a6f-ed3f633ddb8c", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Account\",\n \"description\": \"Account Provisioning Policy\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"displayName\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"displayName\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"distinguishedName\",\n \"transform\": {\n \"type\": \"usernameGenerator\",\n \"attributes\": {\n \"sourceCheck\": true,\n \"patterns\": [\n \"CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\"\n ],\n \"fn\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"ln\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"lastname\"\n }\n },\n \"fi\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 1\n }\n },\n \"fti\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 2\n }\n }\n }\n },\n \"attributes\": {\n \"cloudMaxUniqueChecks\": \"5\",\n \"cloudMaxSize\": \"100\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"description\",\n \"transform\": {\n \"type\": \"static\",\n \"attributes\": {\n \"value\": \"\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "349beb48-c9d3-4860-a51e-449d0e58767e", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Account\",\n \"description\": \"Account Provisioning Policy\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"displayName\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"displayName\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"distinguishedName\",\n \"transform\": {\n \"type\": \"usernameGenerator\",\n \"attributes\": {\n \"sourceCheck\": true,\n \"patterns\": [\n \"CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\"\n ],\n \"fn\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"ln\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"lastname\"\n }\n },\n \"fi\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 1\n }\n },\n \"fti\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 2\n }\n }\n }\n },\n \"attributes\": {\n \"cloudMaxUniqueChecks\": \"5\",\n \"cloudMaxSize\": \"100\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"description\",\n \"transform\": {\n \"type\": \"static\",\n \"attributes\": {\n \"value\": \"\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "816765ae-b4fe-48e8-a91c-16ccb143ebc0", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Account\",\n \"description\": \"Account Provisioning Policy\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"displayName\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"displayName\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"distinguishedName\",\n \"transform\": {\n \"type\": \"usernameGenerator\",\n \"attributes\": {\n \"sourceCheck\": true,\n \"patterns\": [\n \"CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\"\n ],\n \"fn\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"ln\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"lastname\"\n }\n },\n \"fi\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 1\n }\n },\n \"fti\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 2\n }\n }\n }\n },\n \"attributes\": {\n \"cloudMaxUniqueChecks\": \"5\",\n \"cloudMaxSize\": \"100\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"description\",\n \"transform\": {\n \"type\": \"static\",\n \"attributes\": {\n \"value\": \"\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "e6f4147a-5317-492d-b1e1-a0ecfbf351fb", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Account\",\n \"description\": \"Account Provisioning Policy\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"displayName\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"displayName\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"distinguishedName\",\n \"transform\": {\n \"type\": \"usernameGenerator\",\n \"attributes\": {\n \"sourceCheck\": true,\n \"patterns\": [\n \"CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\"\n ],\n \"fn\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"ln\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"lastname\"\n }\n },\n \"fi\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 1\n }\n },\n \"fti\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 2\n }\n }\n }\n },\n \"attributes\": {\n \"cloudMaxUniqueChecks\": \"5\",\n \"cloudMaxSize\": \"100\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"description\",\n \"transform\": {\n \"type\": \"static\",\n \"attributes\": {\n \"value\": \"\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "04339e68-079c-4609-9235-8928c5983904", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Account\",\n \"description\": \"Account Provisioning Policy\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"displayName\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"displayName\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"distinguishedName\",\n \"transform\": {\n \"type\": \"usernameGenerator\",\n \"attributes\": {\n \"sourceCheck\": true,\n \"patterns\": [\n \"CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\"\n ],\n \"fn\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"ln\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"lastname\"\n }\n },\n \"fi\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 1\n }\n },\n \"fti\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 2\n }\n }\n }\n },\n \"attributes\": {\n \"cloudMaxUniqueChecks\": \"5\",\n \"cloudMaxSize\": \"100\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"description\",\n \"transform\": {\n \"type\": \"static\",\n \"attributes\": {\n \"value\": \"\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "95c2c1e5-fae5-4a7f-9c0e-6ace61aff4f0", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Account\",\n \"description\": \"Account Provisioning Policy\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"displayName\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"displayName\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"distinguishedName\",\n \"transform\": {\n \"type\": \"usernameGenerator\",\n \"attributes\": {\n \"sourceCheck\": true,\n \"patterns\": [\n \"CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\",\n \"CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com\"\n ],\n \"fn\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"ln\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"lastname\"\n }\n },\n \"fi\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 1\n }\n },\n \"fti\": {\n \"type\": \"substring\",\n \"attributes\": {\n \"input\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"firstname\"\n }\n },\n \"begin\": 0,\n \"end\": 2\n }\n }\n }\n },\n \"attributes\": {\n \"cloudMaxUniqueChecks\": \"5\",\n \"cloudMaxSize\": \"100\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"description\",\n \"transform\": {\n \"type\": \"static\",\n \"attributes\": {\n \"value\": \"\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get Provisioning Policy by UsageType", + "id": "e9d6dc1d-d6b8-4e21-8afe-7623c7f437ef", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + }, + { + "key": "usageType", + "value": "REGISTER" + } + ] + }, + "description": "This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow.\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API." + }, + "response": [ + { + "id": "32c9bbef-a70e-4204-8b0e-33b71fa4414c", + "name": "The requested ProvisioningPolicyDto was successfully retrieved.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}" + }, + { + "id": "adf5cb99-e585-4be8-a5d9-d75a02cdb9fc", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "426b331b-0757-4512-a4ca-d501d9b777de", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "a9a5ccdf-ee08-47ed-a952-2193eedeff6a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "8d97470f-643d-49b8-aa46-3d397f18779e", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "2397e069-63ff-4973-b9bd-9edcf99fbe69", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "84030904-22b7-468a-bee6-a215c65e47d7", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update Provisioning Policy by UsageType", + "id": "3101a64a-4417-4f92-85d5-f9e07abae606", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + }, + { + "key": "usageType", + "value": "CREATE" + } + ] + }, + "description": "This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow.\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API." + }, + "response": [ + { + "id": "d828f0c6-9761-40e2-b722-fd1e9036c219", + "name": "The ProvisioningPolicyDto was successfully replaced.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}" + }, + { + "id": "7b25fb03-6b47-4d89-82b5-49b68b5cd51f", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "bde1fc74-1000-47ca-a9b6-23b0eed7f10d", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "a6e45d98-a64a-4ed3-9aea-1d9a9f04299a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "602d0880-d963-4a8a-ad80-ca754db6a654", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "4c5e7d0b-977e-4046-a092-187dd5971bb0", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "e5bede19-4458-4233-8b83-3e00ff0f119f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Partial update of Provisioning Policy", + "id": "2fe8d80b-496d-470c-9b6d-092e72bd3cc3", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/fields/0\",\n \"value\": {\n \"name\": \"email\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"email\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + }, + { + "key": "usageType", + "value": "CREATE" + } + ] + }, + "description": "This API selectively updates an existing Provisioning Policy using a JSONPatch payload.\nA token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API." + }, + "response": [ + { + "id": "64ffeb67-ed39-4a78-8e58-1b3f772e6a0d", + "name": "The ProvisioningPolicyDto was successfully updated.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/fields/0\",\n \"value\": {\n \"name\": \"email\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"email\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n}" + }, + { + "id": "30f20726-1100-4b2c-b7f2-2334cfbbcd53", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/fields/0\",\n \"value\": {\n \"name\": \"email\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"email\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "1805bc11-6ba0-49eb-b0be-c429e196112c", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/fields/0\",\n \"value\": {\n \"name\": \"email\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"email\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "6e8e32be-559f-4061-9e89-ced9d635ad07", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/fields/0\",\n \"value\": {\n \"name\": \"email\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"email\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "7682364b-b1b0-4323-bfd7-5794f8a465b9", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/fields/0\",\n \"value\": {\n \"name\": \"email\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"email\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "5907a751-dae7-4b57-a8b3-179c74ec2efa", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/fields/0\",\n \"value\": {\n \"name\": \"email\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"email\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "550bfc29-1b88-489a-8df6-2ab9a34a4083", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/fields/0\",\n \"value\": {\n \"name\": \"email\",\n \"transform\": {\n \"type\": \"identityAttribute\",\n \"attributes\": {\n \"name\": \"email\"\n }\n },\n \"attributes\": {},\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Provisioning Policy by UsageType", + "id": "1984e7bb-cb0d-4d7a-9304-3a7704c71780", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + }, + { + "key": "usageType", + "value": "CREATE" + } + ] + }, + "description": "Deletes the provisioning policy with the specified usage on an application.\nA token with API, or ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "b58b96de-9347-49bc-8669-c37e8adf0e7c", + "name": "The ProvisioningPolicyDto was successfully deleted.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "5c55fe81-221c-4a14-b21c-4a403027964d", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "75001d2b-b20d-434c-bc49-0efa41fdd85a", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "7eb15be8-e1f1-4cb4-a9cf-f44aec84a650", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "fad9038d-961f-4f14-8e56-8e002c4c8250", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "db2efeec-b4b7-4a9b-9789-1ae0e9fe9f00", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "589c0060-48ee-4fc7-b424-90e8e5db9359", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/:usageType", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + ":usageType" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "usageType" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Bulk Update Provisioning Policies", + "id": "dfdec9df-e200-4253-84dc-886750418ec9", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n },\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/bulk-update", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + "bulk-update" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This end-point updates a list of provisioning policies on the specified source in IdentityNow.\nA token with API, or ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "8521c21d-961c-407c-9be0-7436f6078bdd", + "name": "A list of the ProvisioningPolicyDto was successfully replaced.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n },\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/bulk-update", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + "bulk-update" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n },\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n }\n]" + }, + { + "id": "4013d09e-24d2-46f8-9fc4-018309632cd1", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n },\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/bulk-update", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + "bulk-update" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "922e87c9-c9c9-4566-9cca-4c9eef17e244", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n },\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/bulk-update", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + "bulk-update" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "e98aa926-0f2e-41e0-9427-1ab59e1dfaef", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n },\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/bulk-update", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + "bulk-update" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "9ae34da7-c99f-4180-bc2e-e933550460b1", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n },\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/bulk-update", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + "bulk-update" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "fb9ec172-9c8c-459a-9905-cf28f8dd2ddf", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n },\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/bulk-update", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + "bulk-update" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "cb36bc2d-3b54-4fae-b3a7-da2756464ec0", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n },\n {\n \"name\": \"example provisioning policy for inactive identities\",\n \"description\": \"this provisioning policy creates access based on an identity going inactive\",\n \"usageType\": \"CREATE\",\n \"fields\": [\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n },\n {\n \"name\": \"userName\",\n \"transform\": {\n \"type\": \"rule\",\n \"attributes\": {\n \"name\": \"Create Unique LDAP Attribute\"\n }\n },\n \"attributes\": {\n \"template\": \"${firstname}.${lastname}${uniqueCounter}\",\n \"cloudMaxUniqueChecks\": \"50\",\n \"cloudMaxSize\": \"20\",\n \"cloudRequired\": \"true\"\n },\n \"isRequired\": false,\n \"type\": \"string\",\n \"isMultiValued\": false\n }\n ]\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/provisioning-policies/bulk-update", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "provisioning-policies", + "bulk-update" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "List Schemas on a Source", + "id": "9b634270-483a-44b1-a0a3-e22b1409a87a", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas?include-types=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "query": [ + { + "description": "If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized.", + "key": "include-types", + "value": "group" + } + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "Lists the Schemas that exist on the specified Source in IdentityNow.\n" + }, + "response": [ + { + "id": "6593af08-c757-4fca-9d98-ab4871bb403c", + "name": "The Schemas were successfully retrieved.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas?include-types=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "query": [ + { + "description": "If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized.", + "key": "include-types", + "value": "group" + } + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n },\n {\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n }\n]" + }, + { + "id": "e7dfc09f-5e09-42a0-94dc-85d2ad2d820f", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas?include-types=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "query": [ + { + "description": "If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized.", + "key": "include-types", + "value": "group" + } + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5712208c-5b5c-4fd1-bc67-cd6a65c3749d", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas?include-types=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "query": [ + { + "description": "If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized.", + "key": "include-types", + "value": "group" + } + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "8777f1af-bbb9-4286-9570-655a7bb9fd93", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas?include-types=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "query": [ + { + "description": "If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized.", + "key": "include-types", + "value": "group" + } + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "5c019d97-4c1b-44fb-b68a-fbc671f6e6fb", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas?include-types=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "query": [ + { + "description": "If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized.", + "key": "include-types", + "value": "group" + } + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "23f8bb58-aea4-4df9-86e7-135500200dce", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas?include-types=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "query": [ + { + "description": "If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized.", + "key": "include-types", + "value": "group" + } + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "91520d03-d479-4d1f-8b2a-5964bfe8b67a", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas?include-types=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "query": [ + { + "description": "If set to 'group', then the account schema is filtered and only group schemas are returned. Only a value of 'group' is recognized.", + "key": "include-types", + "value": "group" + } + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create Schema on a Source", + "id": "bc56934b-1833-4243-9274-8cc3ba597d01", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "Creates a new Schema on the specified Source in IdentityNow.\n" + }, + "response": [ + { + "id": "9cc9b043-8064-4698-ae42-78d8eee77911", + "name": "The Schema was successfully created on the specified Source.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Created", + "code": 201, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}" + }, + { + "id": "3e15a9cc-addc-44fa-9521-1cf8bcec91fd", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "ad8abf2f-63b5-4477-82a1-eeeb11976af6", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "2fd0675e-9fe8-4dbb-b8a4-015c853cf5fe", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "5221fbee-dace-4e60-ad39-421350f01f55", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "bc6627a7-c1d1-4249-bee7-261e3ada9b00", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get Source Schema by ID", + "id": "b9200ae7-5854-4782-90f2-fd5c6a5fdea6", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + }, + { + "key": "schemaId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "Get the Source Schema by ID in IdentityNow.\n" + }, + "response": [ + { + "id": "bb7e3c98-1bf5-4b61-a26d-b461d102e74b", + "name": "The requested Schema was successfully retrieved.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}" + }, + { + "id": "41505b53-0a5b-4c77-85b6-fa51b1750d7a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "a17680f2-4d88-47af-ba5f-024200bb29fc", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "5c938e7e-3ec1-4353-8aca-fa10c63492af", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "c10ad7df-cf74-498e-9de5-bf13423abafd", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "0fc78d6f-d4f9-4121-80f3-3b7260d9089c", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "a7a8253e-fb95-4a53-b0ce-3ec29beaaefd", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update Source Schema (Full)", + "id": "f4910111-9bfd-4b36-af3b-a870bde212bf", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + }, + { + "key": "schemaId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below.\n\n* id\n* name\n* created\n* modified\n\nAny attempt to modify these fields will result in an error response with a status code of 400.\n\n> `id` must remain in the request body, but it cannot be changed. If `id` is omitted from the request body, the result will be a 400 error.\n" + }, + "response": [ + { + "id": "e1612a26-e846-4071-a6ec-9550d126a813", + "name": "The Schema was successfully replaced.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}" + }, + { + "id": "270f70f4-9a59-411b-8f13-0297a4c13549", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "644d662b-e5b2-4a43-a2fc-f8ac1f055fe3", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "baf75151-2963-420d-a0d4-33701418124c", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "6c7caa06-1bf6-4d20-abe7-590a4a9cf249", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "ef1f16bc-9a1c-4510-bc12-4eeeecd08018", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "d4415b33-86ef-435a-8ea3-408d46fe51cc", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update Source Schema (Partial)", + "id": "4e591f01-7148-44aa-bdff-5f7d03bdc5a7", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/attributes/-\",\n \"value\": {\n \"name\": \"location\",\n \"type\": \"STRING\",\n \"schema\": null,\n \"description\": \"Employee location\",\n \"isMulti\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + }, + { + "key": "schemaId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "Use this API to selectively update an existing Schema using a JSONPatch payload. \n\nThe following schema fields are immutable and cannot be updated:\n\n- id\n- name\n- created\n- modified\n\n\nTo switch an account attribute to a group entitlement, you need to have the following in place:\n\n- `isEntitlement: true`\n- Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/v3/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group:\n```json\n{\n \"name\": \"groups\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"id\": \"2c9180887671ff8c01767b4671fc7d60\",\n \"name\": \"group\"\n },\n \"description\": \"The groups, roles etc. that reference account group objects\",\n \"isMulti\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n}\n```\n" + }, + "response": [ + { + "id": "2c7c60c1-cc71-4d07-a535-060f42b1ae1a", + "name": "The Schema was successfully updated.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/attributes/-\",\n \"value\": {\n \"name\": \"location\",\n \"type\": \"STRING\",\n \"schema\": null,\n \"description\": \"Employee location\",\n \"isMulti\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}" + }, + { + "id": "b1f34d83-6e93-4a2d-96d3-67f7c0e47739", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/attributes/-\",\n \"value\": {\n \"name\": \"location\",\n \"type\": \"STRING\",\n \"schema\": null,\n \"description\": \"Employee location\",\n \"isMulti\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "97ad867e-c9e9-4ef3-8177-ff3795f41a6a", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/attributes/-\",\n \"value\": {\n \"name\": \"location\",\n \"type\": \"STRING\",\n \"schema\": null,\n \"description\": \"Employee location\",\n \"isMulti\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "598c43f3-7a17-47ea-8d24-8c8a921d28ea", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/attributes/-\",\n \"value\": {\n \"name\": \"location\",\n \"type\": \"STRING\",\n \"schema\": null,\n \"description\": \"Employee location\",\n \"isMulti\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "001a6136-65ea-47cd-8453-68be076ae1df", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/attributes/-\",\n \"value\": {\n \"name\": \"location\",\n \"type\": \"STRING\",\n \"schema\": null,\n \"description\": \"Employee location\",\n \"isMulti\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "35f68f93-2c9f-40c2-af80-ad98c82d3a98", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/attributes/-\",\n \"value\": {\n \"name\": \"location\",\n \"type\": \"STRING\",\n \"schema\": null,\n \"description\": \"Employee location\",\n \"isMulti\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "edfe0c1a-97d1-42b8-86c5-018ff530075c", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PATCH", + "header": [ + { + "key": "Content-Type", + "value": "application/json-patch+json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "[\n {\n \"op\": \"add\",\n \"path\": \"/attributes/-\",\n \"value\": {\n \"name\": \"location\",\n \"type\": \"STRING\",\n \"schema\": null,\n \"description\": \"Employee location\",\n \"isMulti\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n }\n }\n]", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete Source Schema by ID", + "id": "1c897949-26f5-41c1-a3c3-a1cd04c152ae", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + }, + { + "key": "schemaId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + } + }, + "response": [ + { + "id": "3666806c-0c44-4f62-820e-b3ba459124ce", + "name": "The Schema was successfully deleted.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "6f90dea7-6e35-4c3e-a3e6-1798be1d9c3a", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "03b63da8-b453-4e84-8914-aa37902c658f", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "3e999296-0386-49d6-8f45-b59bbb0bbdb3", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "f952070f-2554-4f82-bc99-8555fae0b8ca", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "6804b515-6eb6-4072-82be-a55b7cfb2691", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f88c1e7b-c6f8-470f-a9a6-6c6c4ad26449", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/schemas/:schemaId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "schemas", + ":schemaId" + ], + "variable": [ + { + "key": "sourceId" + }, + { + "key": "schemaId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "This API fetches source health by source's id", + "id": "1846dd4b-5daf-405a-80e5-810b333d9733", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/source-health", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "source-health" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This endpoint fetches source health by source's id" + }, + "response": [ + { + "id": "e410ce98-c05e-430b-93c8-3c5ebfe94822", + "name": "Fetched source health successfully", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/source-health", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "source-health" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"type\": \"OpenLDAP - Direct\",\n \"name\": \"Source1234\",\n \"org\": \"denali-cjh\",\n \"isAuthoritative\": false,\n \"isCluster\": false,\n \"hostname\": \"megapod-useast1-secret-hostname.sailpoint.com\",\n \"pod\": \"megapod-useast1\",\n \"iqServiceVersion\": \"iqVersion123\",\n \"status\": \"SOURCE_STATE_UNCHECKED_SOURCE\"\n}" + }, + { + "id": "286a406a-a700-4cd7-a369-adf87629fcc2", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/source-health", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "source-health" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "6e658af1-fab0-4951-9d0e-5641c19101fd", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/source-health", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "source-health" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "431004f9-7166-4a24-aa6a-20eb610ff079", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/source-health", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "source-health" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "24e9d57a-7d92-41d3-81c5-769c4226efc4", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/source-health", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "source-health" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "b4fd75d4-bc5d-4f8e-a182-b3ffdc6b9fa0", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/source-health", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "source-health" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "eb516700-039e-46b8-b7a7-b956fb93505a", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/source-health", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "source-health" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Downloads source accounts schema template", + "id": "7d295cfb-a083-4dc0-8fed-7ae97ac5538d", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "text/csv" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ] + }, + "description": "This API downloads the CSV schema that defines the account attributes on a source.\n>**NOTE: This API is designated only for Delimited File sources.**" + }, + "response": [ + { + "id": "51859f40-b5ea-4283-bf0c-ec1ec8f706d4", + "name": "Successfully downloaded the file", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "text", + "header": [ + { + "key": "Content-Type", + "value": "text/csv" + } + ], + "cookie": [], + "body": "id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate" + }, + { + "id": "7413c2f6-865e-45b6-9407-5eff07789511", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "0862b962-4788-49ff-bdd5-1f7b82bdc59a", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0cc10d54-a94c-4efc-ad15-19d9c0514372", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "5125dfae-3140-4208-bbb5-81888027261a", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "6e7ef36e-ae98-4938-923f-54e7d3e6670e", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "fc586504-c0e9-4348-ad28-eda955def458", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Uploads source accounts schema template", + "id": "27d008f8-208c-4d87-abe5-15ea33001ef0", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ] + }, + "description": "This API uploads a source schema template file to configure a source's account attributes.\n\nTo retrieve the file to modify and upload, log into Identity Now. \n\nClick **Admin** -> **Connections** -> **Sources** -> **``** -> **Import Data** -> **Account Schema** -> **Options** -> **Download Schema**\n\n>**NOTE: This API is designated only for Delimited File sources.**" + }, + "response": [ + { + "id": "abf323c0-c98a-4a3c-aba8-6d32277d4af2", + "name": "Successfully uploaded the file", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}" + }, + { + "id": "6deefb88-5a8b-4371-bd6a-8690e5d3881c", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "b394d39d-b4f1-40e1-b071-11ebe52b80f1", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "86270c53-b3e6-4d6a-bb57-81cc8dacf218", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "1718988a-5ea6-4017-9121-a18eda32f00d", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "dc3bc7d3-d87b-430f-b955-13e9509b1ef7", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/accounts", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "accounts" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Downloads source entitlements schema template", + "id": "e4bd57b5-043c-43db-9b53-4503b9005cb1", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "text/csv" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ] + }, + "description": "This API downloads the CSV schema that defines the entitlement attributes on a source.\n\n>**NOTE: This API is designated only for Delimited File sources.**" + }, + "response": [ + { + "id": "58f43644-49d1-4d8b-a6a0-f15a916855da", + "name": "Successfully downloaded the file", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "text", + "header": [ + { + "key": "Content-Type", + "value": "text/csv" + } + ], + "cookie": [], + "body": "id,name,displayName,created,description,modified,entitlements,groups,permissions" + }, + { + "id": "f0aafcc0-672e-44b9-8b3f-6ca0fad54731", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "179887bc-b668-410c-809d-50c703b29a2b", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "6c6549ab-afc8-4b68-9cd0-7361906663df", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "1796944e-4913-4c8b-a1c3-73f66b1fc1ca", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "6b5e7f9b-abf6-49f9-b8c6-b46888ab4da2", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "2a42238a-ec47-4206-b690-21e7429ec88f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Uploads source entitlements schema template", + "id": "328b3c97-0e02-457b-a93d-4fd263b44504", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id", + "value": "8c190e6787aa4ed9a90bd9d5344523fb" + } + ] + }, + "description": "This API uploads a source schema template file to configure a source's entitlement attributes.\n\nTo retrieve the file to modify and upload, log into Identity Now. \n\nClick **Admin** -> **Connections** -> **Sources** -> **``** -> **Import Data** -> **Import Entitlements** -> **Download**\n\n>**NOTE: This API is designated only for Delimited File sources.**" + }, + "response": [ + { + "id": "2a0fc16c-871c-4259-854d-d9fbf18b49eb", + "name": "Successfully uploaded the file", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d191a86015d28455b4a2329\",\n \"name\": \"account\",\n \"nativeObjectType\": \"User\",\n \"identityAttribute\": \"sAMAccountName\",\n \"displayAttribute\": \"distinguishedName\",\n \"hierarchyAttribute\": \"memberOf\",\n \"includePermissions\": false,\n \"features\": [\n \"PROVISIONING\",\n \"NO_PERMISSIONS_PROVISIONING\",\n \"GROUPS_HAVE_MEMBERS\"\n ],\n \"configuration\": {\n \"groupMemberAttribute\": \"member\"\n },\n \"attributes\": [\n {\n \"name\": \"sAMAccountName\",\n \"type\": \"STRING\",\n \"isMultiValued\": false,\n \"isEntitlement\": false,\n \"isGroup\": false\n },\n {\n \"name\": \"memberOf\",\n \"type\": \"STRING\",\n \"schema\": {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n },\n \"description\": \"Group membership\",\n \"isMultiValued\": true,\n \"isEntitlement\": true,\n \"isGroup\": true\n }\n ],\n \"created\": \"2019-12-24T22:32:58.104Z\",\n \"modified\": \"2019-12-31T20:22:28.104Z\"\n}" + }, + { + "id": "8c3af8d5-7f35-47ee-b42c-5d3cedbd08e2", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "670e2f0e-fd8a-4fe0-829a-f7951318fcda", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "531008be-3ea5-4d0e-befe-0c617f0bcbe2", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "7fc764aa-2d5b-4922-a127-7315f7dc3f13", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "abee83fa-af9e-4980-963d-327c950c5036", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:id/schemas/entitlements?schemaName=?schemaName=group", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":id", + "schemas", + "entitlements" + ], + "query": [ + { + "description": "Name of entitlement schema", + "key": "schemaName", + "value": "?schemaName=group" + } + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Upload connector file to source", + "id": "f78d57bf-222d-4c89-a9b1-bee44fe42dcd", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/upload-connector-file", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "upload-connector-file" + ], + "variable": [ + { + "key": "sourceId", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events.\nA token with ORG_ADMIN authority is required to call this API." + }, + "response": [ + { + "id": "6fb4caf3-6869-4a9e-8ccb-e543a25c46f3", + "name": "Uploaded the file successfully and sent all post-upload events", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/upload-connector-file", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "upload-connector-file" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"My Source\",\n \"owner\": {\n \"type\": \"IDENTITY\",\n \"id\": \"2c91808568c529c60168cca6f90c1313\",\n \"name\": \"MyName\"\n },\n \"connector\": \"active-directory\",\n \"id\": \"2c91808568c529c60168cca6f90c1324\",\n \"description\": \"This is the corporate directory.\",\n \"cluster\": {\n \"type\": \"CLUSTER\",\n \"id\": \"2c9180866166b5b0016167c32ef31a66\",\n \"name\": \"Corporate Cluster\"\n },\n \"accountCorrelationConfig\": {\n \"type\": \"ACCOUNT_CORRELATION_CONFIG\",\n \"id\": \"2c9180855d191c59015d28583727245a\",\n \"name\": \"Directory [source-62867] Account Correlation\"\n },\n \"accountCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"managerCorrelationMapping\": {\n \"accountAttribute\": \"manager\",\n \"identityAttribute\": \"manager\"\n },\n \"managerCorrelationRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"beforeProvisioningRule\": {\n \"type\": \"RULE\",\n \"id\": \"2c918085708c274401708c2a8a760001\",\n \"name\": \"Example Rule\"\n },\n \"schemas\": [\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"account\"\n },\n {\n \"type\": \"CONNECTOR_SCHEMA\",\n \"name\": \"group\"\n }\n ],\n \"passwordPolicies\": [\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Corporate Password Policy\"\n },\n {\n \"type\": \"PASSWORD_POLICY\",\n \"name\": \"Vendor Password Policy\"\n }\n ],\n \"features\": [\n \"SYNC_PROVISIONING\",\n \"MANAGER_LOOKUP\",\n \"SEARCH\",\n \"PROVISIONING\",\n \"AUTHENTICATE\",\n \"GROUP_PROVISIONING\",\n \"PASSWORD\"\n ],\n \"type\": \"OpenLDAP - Direct\",\n \"connectorClass\": \"sailpoint.connector.LDAPConnector\",\n \"connectorAttributes\": {\n \"healthCheckTimeout\": 30,\n \"authSearchAttributes\": [\n \"cn\",\n \"uid\",\n \"mail\"\n ]\n },\n \"deleteThreshold\": 10,\n \"authoritative\": false,\n \"managementWorkgroup\": {\n \"type\": \"GOVERNANCE_GROUP\",\n \"id\": \"2c91808568c529c60168cca6f90c2222\",\n \"name\": \"My Management Workgroup\"\n },\n \"healthy\": true,\n \"status\": \"SOURCE_STATE_HEALTHY\",\n \"since\": \"2021-09-28T15:48:29.3801666300Z\",\n \"connectorId\": \"active-directory\",\n \"connectorName\": \"Active Directory\",\n \"connectionType\": \"file\",\n \"connectorImplementstionId\": \"delimited-file\"\n}" + }, + { + "id": "5e55754c-0a3a-4ec8-99ba-19010d7969ff", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/upload-connector-file", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "upload-connector-file" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "359547d5-b97b-4a63-bd4c-d0d1d2d538bf", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/upload-connector-file", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "upload-connector-file" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "497b15a3-c573-4fa7-830d-26ae78827a84", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/upload-connector-file", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "upload-connector-file" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "db54091d-1de2-40a4-809c-a69251693a0e", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/upload-connector-file", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "upload-connector-file" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "c419748c-c356-4423-9386-d8edb50df23f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "multipart/form-data" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "formdata", + "formdata": [ + { + "key": "file", + "value": "irure id enim", + "type": "text" + } + ] + }, + "url": { + "raw": "{{baseUrl}}/sources/:sourceId/upload-connector-file", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "sources", + ":sourceId", + "upload-connector-file" + ], + "variable": [ + { + "key": "sourceId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "af986c8d-6021-40a6-af1b-58a20417164d", + "description": "Use this API to implement and customize source functionality. \nWith source functionality in place, organizations can use IdentityNow to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way. \n\n[Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) refer to the IdentityNow representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example.\nOrganizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records. \nConnecting these sources to IdentityNow makes it possible to manage user access across them all.\nThen, if a new hire starts at an organization, IdentityNow can grant the new hire access to all the sources they need.\nIf an employee moves to a new department and needs access to new sources but no longer needs access to others, IdentityNow can grant the necessary access and revoke the unnecessary access for all the employee's various sources. \nIf an employee leaves the company, IdentityNow can revoke access to all the employee's various source accounts immediately. \nThese are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure. \n\nIn IdentityNow, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so.\nThey can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups.\nAdmins go to Connections > Sources to see a list of the existing source representations in their organizations. \nThey can create new sources or select existing ones. \n\nTo create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type.\nRefer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process. \n\nIdentityNow connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in.\nDifferent sources use different connectors to share data with IdentityNow, and each connector's setup process is specific to that connector. \nSailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors.\nRefer to [IdentityNow Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors. \nRefer to the following links for more information about two useful connectors: \n\n- [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity).\n\n- [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services. \n\nRefer to [SaaS Connectivity](https://developer.sailpoint.com/idn/docs/saas-connectivity) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources. \n\nWhen admins select existing sources, they can view the following information about the source:\n\n- Associated connections (any associated identity profiles, apps, or references to the source in a transform).\n\n- Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources.\n\n- Associated entitlements (sets of access rights on sources).\n\n- Associated access profiles (groupings of entitlements). \n\nThe user account data and the entitlements update with each data aggregation from the source. \nOrganizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their IdentityNow tenants so an access change on a source is detected quickly in IdentityNow.\nAdmins can view a history of these aggregations, and they can also run manual imports. \nRefer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations. \n\nAdmins can also make changes to determine which user account data IdentityNow collects from the source and how it correlates that account data with identity data. \nTo define which account attributes the source shares with IdentityNow, admins can edit the account schema on the source.\nRefer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them. \nTo define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source. \nRefer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities.\n\nAdmins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform.\nRefer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html#deleting-sources) for more information about deleting sources. \n\nWell organized, mappped out connections between sources and IdentityNow are essential to achieving comprehensive identity access governance across all the source systems organizations need. \nRefer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about all the different things admins can do with sources once they are connected. \n" + }, + { + "name": "Transforms", + "item": [ + { + "name": "List transforms", + "id": "0ef606e1-4c19-4168-a7e1-05b145cecdfa", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms?offset=0&limit=250&count=true&name=ExampleTransformName123&filters=name eq \"Uppercase\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Name of the transform to retrieve from the list.", + "key": "name", + "value": "ExampleTransformName123" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**internal**: *eq*\n**name**: *eq*, *sw*", + "key": "filters", + "value": "name eq \"Uppercase\"" + } + ] + }, + "description": "Gets a list of all saved transform objects.\nA token with transforms-list read authority is required to call this API." + }, + "response": [ + { + "id": "8c7ab10b-bc22-4fc7-ae9a-4908f74da928", + "name": "A list of transforms matching the given criteria.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms?offset=0&limit=250&count=true&name=ExampleTransformName123&filters=name eq \"Uppercase\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Name of the transform to retrieve from the list.", + "key": "name", + "value": "ExampleTransformName123" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**internal**: *eq*\n**name**: *eq*, *sw*", + "key": "filters", + "value": "name eq \"Uppercase\"" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2cd78adghjkja34jh2b1hkjhasuecd\",\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM-dd-yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n },\n \"internal\": false\n },\n {\n \"id\": \"2lkas8dhj4bkuakja77giih7l4ashh\",\n \"name\": \"PrefixSubstring\",\n \"type\": \"substring\",\n \"attributes\": {\n \"begin\": 0,\n \"end\": 3\n },\n \"internal\": true\n }\n]" + }, + { + "id": "008e0cf8-1f84-47db-a088-be81464bbdf0", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms?offset=0&limit=250&count=true&name=ExampleTransformName123&filters=name eq \"Uppercase\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Name of the transform to retrieve from the list.", + "key": "name", + "value": "ExampleTransformName123" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**internal**: *eq*\n**name**: *eq*, *sw*", + "key": "filters", + "value": "name eq \"Uppercase\"" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "8109e702-2092-4156-b147-8b50063507f7", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms?offset=0&limit=250&count=true&name=ExampleTransformName123&filters=name eq \"Uppercase\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Name of the transform to retrieve from the list.", + "key": "name", + "value": "ExampleTransformName123" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**internal**: *eq*\n**name**: *eq*, *sw*", + "key": "filters", + "value": "name eq \"Uppercase\"" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "9807bd0d-01e1-4f41-8272-c6e35e836968", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms?offset=0&limit=250&count=true&name=ExampleTransformName123&filters=name eq \"Uppercase\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Name of the transform to retrieve from the list.", + "key": "name", + "value": "ExampleTransformName123" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**internal**: *eq*\n**name**: *eq*, *sw*", + "key": "filters", + "value": "name eq \"Uppercase\"" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "30683f34-dd74-40c8-bf9f-a309610ddb99", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms?offset=0&limit=250&count=true&name=ExampleTransformName123&filters=name eq \"Uppercase\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Name of the transform to retrieve from the list.", + "key": "name", + "value": "ExampleTransformName123" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**internal**: *eq*\n**name**: *eq*, *sw*", + "key": "filters", + "value": "name eq \"Uppercase\"" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "b3b33831-4487-4438-8870-ba885fcaf37e", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms?offset=0&limit=250&count=true&name=ExampleTransformName123&filters=name eq \"Uppercase\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Name of the transform to retrieve from the list.", + "key": "name", + "value": "ExampleTransformName123" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**internal**: *eq*\n**name**: *eq*, *sw*", + "key": "filters", + "value": "name eq \"Uppercase\"" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "17cbae1a-758d-45f6-8b4f-0536c8e4133c", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms?offset=0&limit=250&count=true&name=ExampleTransformName123&filters=name eq \"Uppercase\"", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ], + "query": [ + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "Name of the transform to retrieve from the list.", + "key": "name", + "value": "ExampleTransformName123" + }, + { + "description": "Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)\nFiltering is supported for the following fields and operators:\n**internal**: *eq*\n**name**: *eq*, *sw*", + "key": "filters", + "value": "name eq \"Uppercase\"" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Create transform", + "id": "09237615-20aa-4dc7-aadd-403bead2cff1", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM dd yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ] + }, + "description": "Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. Newly created Transforms can be used in the Identity Profile mappings within the UI. A token with transform write authority is required to call this API." + }, + "response": [ + { + "id": "859f2ae8-28a6-432f-a9d2-69e77edf6a77", + "name": "Indicates the transform was successfully created and returns its representation.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM dd yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ] + } + }, + "status": "Created", + "code": 201, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"sourceName\": \"Workday\",\n \"attributeName\": \"DEPARTMENT\",\n \"accountSortAttribute\": \"created\",\n \"accountSortDescending\": false,\n \"accountReturnFirstLink\": false,\n \"accountFilter\": \"!(nativeIdentity.startsWith(\\\"*DELETED*\\\"))\",\n \"accountPropertyFilter\": \"(groups.containsAll({'Admin'}) || location == 'Austin')\",\n \"requiresPeriodicRefresh\": false,\n \"input\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"first_name\",\n \"sourceName\": \"Source\"\n }\n }\n },\n \"id\": \"2cd78adghjkja34jh2b1hkjhasuecd\",\n \"internal\": false\n}" + }, + { + "id": "81955239-30b5-4059-b2eb-97b76638154b", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM dd yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "a7a3af50-8097-4a68-b166-af85fb9df190", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM dd yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "7dc2f522-a140-4be9-a32e-d7ccf96a1e30", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM dd yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "23d999f3-2b36-4dcf-8401-efc4f54441e9", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM dd yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "5fd90660-8863-4a4e-a452-a86308e0909b", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM dd yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f9c06693-0902-42c2-ac8d-df2dda139596", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM dd yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms" + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Transform by ID", + "id": "c3ee0a2f-3348-4234-8cba-0a86c9c4b7df", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2cd78adghjkja34jh2b1hkjhasuecd" + } + ] + }, + "description": "This API returns the transform specified by the given ID.\nA token with transform read authority is required to call this API." + }, + "response": [ + { + "id": "466694f0-2e68-40ee-8053-f23af2ee08d0", + "name": "Transform with the given ID", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"sourceName\": \"Workday\",\n \"attributeName\": \"DEPARTMENT\",\n \"accountSortAttribute\": \"created\",\n \"accountSortDescending\": false,\n \"accountReturnFirstLink\": false,\n \"accountFilter\": \"!(nativeIdentity.startsWith(\\\"*DELETED*\\\"))\",\n \"accountPropertyFilter\": \"(groups.containsAll({'Admin'}) || location == 'Austin')\",\n \"requiresPeriodicRefresh\": false,\n \"input\": {\n \"type\": \"accountAttribute\",\n \"attributes\": {\n \"attributeName\": \"first_name\",\n \"sourceName\": \"Source\"\n }\n }\n },\n \"id\": \"2cd78adghjkja34jh2b1hkjhasuecd\",\n \"internal\": false\n}" + }, + { + "id": "50e2fb2e-7e93-495f-9681-dce44ea93c47", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "879c8e67-417b-427b-b372-0071d5921901", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "680320df-c7b7-48e8-95d9-61e6de79c08a", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "af36a68a-8829-493c-a6f0-818495d576ac", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "cca697ee-fe14-4488-a039-27ea50787547", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "4b9b5606-cb56-4280-ae7c-f9d5eaaf0049", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Update a transform", + "id": "b8f5f63b-4c21-46fb-911c-1e50d181b2a7", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM-dd-yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2cd78adghjkja34jh2b1hkjhasuecd" + } + ] + }, + "description": "Replaces the transform specified by the given ID with the transform provided in the request body. Only the \"attributes\" field is mutable. Attempting to change other properties (ex. \"name\" and \"type\") will result in an error.\nA token with transform write authority is required to call this API." + }, + "response": [ + { + "id": "f2528367-1002-47d6-829f-05e70599a550", + "name": "Indicates the transform was successfully updated and returns its new representation.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM-dd-yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2cd78adghjkja34jh2b1hkjhasuecd\",\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM-dd-yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n },\n \"internal\": false\n}" + }, + { + "id": "7ecc7b56-5c8c-4d11-ae75-b17ce2df927f", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM-dd-yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "e135820c-e849-463a-a0e2-7ae8d20c1082", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM-dd-yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "be7b911a-fbb3-428d-aed3-0d9cc47f94a2", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM-dd-yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "b928f5e6-60c3-4b45-832c-2529e65b7502", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM-dd-yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "fd7a2ffd-852c-44b5-903c-303034cd3435", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM-dd-yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "8acbad68-5d41-418e-9a44-1319fdc9026f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "PUT", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"name\": \"Timestamp To Date\",\n \"type\": \"dateFormat\",\n \"attributes\": {\n \"inputFormat\": \"MMM-dd-yyyy, HH:mm:ss.SSS\",\n \"outputFormat\": \"yyyy/dd/MM\"\n }\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Delete a transform", + "id": "2c795dbd-a314-4e01-ba77-59df31331411", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "auth": { + "type": "oauth2", + "oauth2": [ + { + "key": "scope", + "value": "sp:scopes:default sp:scopes:all", + "type": "string" + }, + { + "key": "accessTokenUrl", + "value": "https://tenant.api.identitynow.com/oauth/token", + "type": "string" + }, + { + "key": "grant_type", + "value": "client_credentials", + "type": "string" + } + ] + }, + "method": "DELETE", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2cd78adghjkja34jh2b1hkjhasuecd" + } + ] + }, + "description": "Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform.\nA token with transform delete authority is required to call this API." + }, + "response": [ + { + "id": "7806529c-e43f-4cd6-a58e-d359ca08534d", + "name": "No content - indicates the request was successful but there is no content to be returned in the response.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "No Content", + "code": 204, + "_postman_previewlanguage": "text", + "header": [], + "cookie": [] + }, + { + "id": "0e911ffb-d868-4a94-b029-f3196110e802", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "e5a0486f-c26d-4571-8fa4-e12eb18405a8", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "b13839ed-c592-46ba-8675-7c517e1e2c29", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "d5308e52-6017-411b-8d14-ebe1bccc47cc", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "277d00f3-3be8-4f36-a033-6f3430c52cd5", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "82192834-e849-4497-944f-66b925da3d01", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "DELETE", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/transforms/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "transforms", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "23bf81fc-38d9-499d-b181-0cb7becb0b3b", + "description": "The purpose of this API is to expose functionality for the manipulation of Transform objects.\nTransforms are a form of configurable objects which define an easy way to manipulate attribute data without having\nto write code. These endpoints don't require API calls to other resources, audit service is used for keeping track\nof which users have made changes to the Transforms.\n\nRefer to [Transforms](https://developer.sailpoint.com/idn/docs/transforms) for more information about transforms.\n" + }, + { + "name": "Work Items", + "item": [ + { + "name": "List Work Items", + "id": "65fc4e52-74a3-49ca-bc45-78abdc878b3d", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items?limit=250&offset=0&count=true&ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + }, + "description": "This gets a collection of work items belonging to either the specified user(admin required), or the current user." + }, + "response": [ + { + "id": "b668021d-3af4-4506-9918-b2e7a35565d7", + "name": "List of work items", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items?limit=250&offset=0&count=true&ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n }\n]" + }, + { + "id": "2b212df2-0082-457d-8f2c-b8ead8ad1126", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items?limit=250&offset=0&count=true&ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "9ef65b49-7ed7-4117-9cfe-c0b15bf1cb64", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items?limit=250&offset=0&count=true&ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "b6edf98a-dc79-42d2-a1fe-353d0236b614", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items?limit=250&offset=0&count=true&ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "a422003e-2d3b-43bd-801c-97e2a5b19f79", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items?limit=250&offset=0&count=true&ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "9d03a920-9b80-426f-a9f4-515175617865", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items?limit=250&offset=0&count=true&ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items" + ], + "query": [ + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + }, + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Completed Work Items", + "id": "defe0d8f-6146-4dbe-9e12-ea42838f1396", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed?ownerId=1211bcaa32112bcef6122adb21cef1ac&limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed" + ], + "query": [ + { + "description": "The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + }, + "description": "This gets a collection of completed work items belonging to either the specified user(admin required), or the current user." + }, + "response": [ + { + "id": "c9b41dae-e392-4da3-95b2-9690ebf51812", + "name": "List of completed work items.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed?ownerId=1211bcaa32112bcef6122adb21cef1ac&limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed" + ], + "query": [ + { + "description": "The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "[\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n },\n {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n }\n]" + }, + { + "id": "323d9784-1057-4484-b97b-6c806d91cde3", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed?ownerId=1211bcaa32112bcef6122adb21cef1ac&limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed" + ], + "query": [ + { + "description": "The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "0910dbfd-c806-48d1-b51f-536dee0a657f", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed?ownerId=1211bcaa32112bcef6122adb21cef1ac&limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed" + ], + "query": [ + { + "description": "The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "a1a1d845-2221-4032-85d0-dc300890c513", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed?ownerId=1211bcaa32112bcef6122adb21cef1ac&limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed" + ], + "query": [ + { + "description": "The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "b4624a9f-9a41-458a-833e-0a890ab773db", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed?ownerId=1211bcaa32112bcef6122adb21cef1ac&limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed" + ], + "query": [ + { + "description": "The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f24cb7fb-ce6f-46be-8254-2807a9b3297c", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed?ownerId=1211bcaa32112bcef6122adb21cef1ac&limit=250&offset=0&count=true", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed" + ], + "query": [ + { + "description": "The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + }, + { + "description": "Max number of results to return.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "limit", + "value": "250" + }, + { + "description": "Offset into the full result set. Usually specified with *limit* to paginate through the results.\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "offset", + "value": "0" + }, + { + "description": "If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored.\n\nSince requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used.\n\nSee [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information.", + "key": "count", + "value": "true" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Count Work Items", + "id": "6a1ddb33-f0dc-4114-a8ac-d0c8d695f070", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/count?ownerId=ef38f94347e94562b5bb8424a56397d8", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This gets a count of work items belonging to either the specified user(admin required), or the current user." + }, + "response": [ + { + "id": "f4caddfd-6e7e-4d21-a407-3ee9085a672f", + "name": "List of work items", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/count?ownerId=ef38f94347e94562b5bb8424a56397d8", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"count\": 29\n}" + }, + { + "id": "30811c83-7d0c-4080-a949-b0f9a6e21fe1", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/count?ownerId=ef38f94347e94562b5bb8424a56397d8", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "be970165-ba34-4ba9-a5cc-d8e4bdb96538", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/count?ownerId=ef38f94347e94562b5bb8424a56397d8", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "52309de7-2d7a-41eb-a49d-f616edfc11da", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/count?ownerId=ef38f94347e94562b5bb8424a56397d8", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "25727528-4ae4-4664-b65d-08dbc8846879", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/count?ownerId=ef38f94347e94562b5bb8424a56397d8", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f5cae6be-8d3c-42ae-94ac-5c5904d4798f", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/count?ownerId=ef38f94347e94562b5bb8424a56397d8", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Count Completed Work Items", + "id": "ef6acc16-34d9-491a-a1db-5f5010d21f58", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed/count?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + }, + "description": "This gets a count of completed work items belonging to either the specified user(admin required), or the current user." + }, + "response": [ + { + "id": "c71b59bc-e0f8-4da4-bacf-55052a04ef6a", + "name": "List of work items", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed/count?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"count\": 29\n}" + }, + { + "id": "f591b854-4f8d-496f-bd42-8a8cf86d5ef2", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed/count?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "420751da-3530-4c16-93af-3f255de4dd6b", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed/count?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "9fc9dc69-1bf8-4c7e-8d19-cece448a3b5a", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed/count?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "17787652-fa9f-437a-ae4c-02d202ecb698", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed/count?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "3553ed95-eee4-404b-b484-4aaaa77e3f54", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/completed/count?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "completed", + "count" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Work Items Summary", + "id": "612bd750-3f07-421d-bfbe-d7eee3cd308c", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/summary?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "summary" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + }, + "description": "This gets a summary of work items belonging to either the specified user(admin required), or the current user." + }, + "response": [ + { + "id": "ed392c51-900e-4d57-b779-395417e501cc", + "name": "List of work items", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/summary?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "summary" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"open\": 29,\n \"completed\": 1,\n \"total\": 30\n}" + }, + { + "id": "be0e77bf-2f09-4e36-8323-44d88f098418", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/summary?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "summary" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "f38db3a1-ff1d-4821-a6db-ac2023c94a42", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/summary?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "summary" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "391697d8-46d9-4d0e-8e97-d8e1d4994322", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/summary?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "summary" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "ec8b8807-8733-4409-834e-0e6bdf1fe495", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/summary?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "summary" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "ee84a8ea-ddca-47d0-8b24-29b06e094849", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/summary?ownerId=1211bcaa32112bcef6122adb21cef1ac", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "summary" + ], + "query": [ + { + "description": "ID of the work item owner.", + "key": "ownerId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Get a Work Item", + "id": "98302266-359c-485b-a9d4-7738291d475d", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "GET", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "2c9180835d191a86015d28455b4a2329" + } + ] + }, + "description": "This gets the details of a Work Item belonging to either the specified user(admin required), or the current user." + }, + "response": [ + { + "id": "a0cb9f63-7f27-48d6-92ff-4f31e0206e66", + "name": "The work item with the given ID.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n}" + }, + { + "id": "db99fe3a-0baa-48e1-a768-ab2437fe51cd", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "a4fe4ff6-56cf-4f2f-b87e-1c2c903a56f2", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "bee87c70-5a66-4cca-88b1-bb562fe92b58", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "e140b358-0f80-4bab-9d79-1734e81e0ca2", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "de21d96f-deed-45a2-bd29-d52a3959d974", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "GET", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Complete a Work Item", + "id": "caca5698-7754-4fe1-ae89-2e1c83c12f1e", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API completes a work item. Either an admin, or the owning/current user must make this request." + }, + "response": [ + { + "id": "e4c32d4d-3130-4d43-9c8c-8a7eac053c91", + "name": "A WorkItems object", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n}" + }, + { + "id": "f3eeb40a-485d-4d81-8828-6ffc19a91b1b", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "6d5f97b4-d482-4188-8c05-3a67226bf5da", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "5ca4a33f-983f-4272-9802-164db17a73dc", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "f5b27160-b118-44d6-a578-4519c775a873", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "76e482f8-bb53-4cc5-8e1c-53a7d83e6ae5", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "eea762e4-6d7a-4eff-be82-98316d2f46aa", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Approve an Approval Item", + "id": "62232c8f-a17b-4fcf-ac66-cfdafbb2919a", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/approve/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "approve", + ":approvalItemId" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "key": "approvalItemId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + }, + "description": "This API approves an Approval Item. Either an admin, or the owning/current user must make this request." + }, + "response": [ + { + "id": "99437289-c5cd-4118-bb60-e29d118cea59", + "name": "A work items details object.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/approve/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "approve", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n}" + }, + { + "id": "891db533-ea42-456e-9b9b-fb0397dd549e", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/approve/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "approve", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "e12b2336-35c7-4070-b300-d3e44cc54a8f", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/approve/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "approve", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "f8bc02dd-f7bd-43e0-bc7c-bc78d1a0386d", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/approve/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "approve", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "315994c4-6049-471d-a4aa-fe8ff2d4ea0c", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/approve/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "approve", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "417eb8b6-a642-4a9e-b698-7f4144a9e2ad", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/approve/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "approve", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "b3863299-7bc3-4646-972c-0409d24beae9", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/approve/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "approve", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Reject an Approval Item", + "id": "0a7783b2-b88c-4e51-8827-51bf30ae0fcd", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/reject/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "reject", + ":approvalItemId" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + }, + { + "key": "approvalItemId", + "value": "1211bcaa32112bcef6122adb21cef1ac" + } + ] + }, + "description": "This API rejects an Approval Item. Either an admin, or the owning/current user must make this request." + }, + "response": [ + { + "id": "fdc793ad-efc5-4230-bd0d-df4c64884c21", + "name": "A work items details object.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/reject/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "reject", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n}" + }, + { + "id": "5473974e-9484-4d52-b213-656ea2750931", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/reject/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "reject", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "d95c34a3-5840-4744-aa50-462e2aeac424", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/reject/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "reject", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "3f7bbae8-4a6b-414b-b415-30fc92b50303", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/reject/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "reject", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "54189e4b-0a7d-4281-b90f-b5a6d2f4a0f2", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/reject/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "reject", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "4893a32a-015f-4005-aa92-8e7b3651d9f8", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/reject/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "reject", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "095e97ac-ac37-4ae8-ad03-7c5ea0695150", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/:id/reject/:approvalItemId", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "reject", + ":approvalItemId" + ], + "variable": [ + { + "key": "id" + }, + { + "key": "approvalItemId" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Bulk approve Approval Items", + "id": "040ec5fc-5611-4ccb-b509-1319fac9908b", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-approve/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-approve", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request." + }, + "response": [ + { + "id": "9e435e04-0bbb-4409-9182-b0a1855a954e", + "name": "A work items details object.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-approve/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-approve", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n}" + }, + { + "id": "07fd6144-f0f1-450d-bd0b-4547f0856e62", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-approve/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-approve", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "5ba9c7c0-55b9-4bfe-b268-25034b3ad29c", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-approve/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-approve", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "31f3cfda-93ee-4bf5-8b07-d0de3fecbf94", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-approve/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-approve", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "8684a4d2-8eed-4e6a-80e0-f7bc3fd37b09", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-approve/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-approve", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "b7778ced-d1d9-4c6a-b3f3-159082b80686", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-approve/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-approve", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "f82e5909-dff9-48bb-a8a1-8db7a07b4935", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-approve/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-approve", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Bulk reject Approval Items", + "id": "dd965933-5973-4796-9129-e7af0ea118fd", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Accept", + "value": "application/json" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-reject/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-reject", + ":id" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request." + }, + "response": [ + { + "id": "eaeda10f-92ba-490e-a944-432aa8f90609", + "name": "A work items details object.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-reject/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-reject", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n}" + }, + { + "id": "8de320ca-ab41-4e07-a7d0-8e700bec54e8", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-reject/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-reject", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "81a53fc8-2fac-4068-a599-24caabc5a39c", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-reject/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-reject", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "aa0d25ad-f45c-409c-b29d-1c678b75e358", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-reject/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-reject", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "9f35a740-d0da-4b04-9b88-ce5f3ae0e986", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-reject/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-reject", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "4162f109-c923-44ee-b6eb-0bca32c048ed", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-reject/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-reject", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "b70aff15-f43a-466b-a9a5-2c3844f2b1c7", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "url": { + "raw": "{{baseUrl}}/work-items/bulk-reject/:id", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + "bulk-reject", + ":id" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + }, + { + "name": "Submit Account Selections", + "id": "425a8c8d-3866-4b03-9f5d-f0cf80cffa94", + "protocolProfileBehavior": { + "disableBodyPruning": true + }, + "request": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "key": "Accept", + "value": "application/json" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"fieldName\": \"fieldValue\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/work-items/:id/submit-account-selection", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "submit-account-selection" + ], + "variable": [ + { + "key": "id", + "value": "ef38f94347e94562b5bb8424a56397d8" + } + ] + }, + "description": "This API submits account selections. Either an admin, or the owning/current user must make this request." + }, + "response": [ + { + "id": "7625ae8e-4713-480a-83cd-f549cd43705f", + "name": "A work items details object.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"fieldName\": \"fieldValue\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/work-items/:id/submit-account-selection", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "submit-account-selection" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "OK", + "code": 200, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"requesterDisplayName\": \"John Smith\",\n \"ownerId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"ownerName\": \"Jason Smith\",\n \"created\": \"2017-07-11T18:45:37.098Z\",\n \"modified\": \"2018-06-25T20:22:28.104Z\",\n \"description\": \"Create account on source 'AD'\",\n \"state\": \"FINISHED\",\n \"type\": \"GENERIC\",\n \"remediationItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetId\": \"2c9180835d2e5168015d32f890ca1581\",\n \"targetName\": \"john.smith\",\n \"targetDisplayName\": \"emailAddress\",\n \"applicationName\": \"Active Directory\",\n \"attributeName\": \"phoneNumber\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"512-555-1212\",\n \"nativeIdentity\": \"jason.smith2\"\n },\n \"approvalItems\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"account\": \"john.smith\",\n \"application\": \"Active Directory\",\n \"attributeName\": \"emailAddress\",\n \"attributeOperation\": \"update\",\n \"attributeValue\": \"a@b.com\",\n \"state\": \"FINISHED\"\n },\n \"name\": \"Account Create\",\n \"completed\": \"2018-10-19T13:49:37.385Z\",\n \"numItems\": 19,\n \"form\": {\n \"id\": \"2c9180835d2e5168015d32f890ca1581\",\n \"name\": \"AccountSelection Form\",\n \"title\": \"Account Selection for John.Doe\",\n \"subtitle\": \"Please select from the following\",\n \"targetUser\": \"Jane.Doe\",\n \"sections\": {\n \"name\": \"Field1\",\n \"label\": \"Section 1\"\n }\n },\n \"errors\": [\n \"The work item ID that was specified was not found.\"\n ]\n}" + }, + { + "id": "b10e77c6-1066-4b92-9d81-24e1b2f4f15e", + "name": "Client Error - Returned if the request body is invalid.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"fieldName\": \"fieldValue\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/work-items/:id/submit-account-selection", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "submit-account-selection" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Bad Request", + "code": 400, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"400.1 Bad Request Content\",\n \"trackingId\": \"e7eab60924f64aa284175b9fa3309599\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ],\n \"causes\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n },\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The request was syntactically correct but its content is semantically invalid.\"\n }\n ]\n}" + }, + { + "id": "b420661f-a694-40e7-9f4c-6494fb4243b4", + "name": "Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"fieldName\": \"fieldValue\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/work-items/:id/submit-account-selection", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "submit-account-selection" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Unauthorized", + "code": 401, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"error\": \"JWT validation failed: JWT is expired\"\n}" + }, + { + "id": "c06b80d8-50e8-4a7e-8a22-0f6087fcd0ed", + "name": "Forbidden - Returned if the user you are running as, doesn't have access to this end-point.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"fieldName\": \"fieldValue\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/work-items/:id/submit-account-selection", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "submit-account-selection" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Forbidden", + "code": 403, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"403 Forbidden\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server understood the request but refuses to authorize it.\"\n }\n ]\n}" + }, + { + "id": "bfb0b87f-ae52-44b6-9a85-ec81d2460357", + "name": "Not Found - returned if the request URL refers to a resource or object that does not exist", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"fieldName\": \"fieldValue\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/work-items/:id/submit-account-selection", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "submit-account-selection" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Not Found", + "code": 404, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"404 Not found\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"The server did not find a current representation for the target resource.\"\n }\n ]\n}" + }, + { + "id": "cff91e1f-0a65-42fe-bc70-281a09a8d192", + "name": "Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"fieldName\": \"fieldValue\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/work-items/:id/submit-account-selection", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "submit-account-selection" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Too Many Requests", + "code": 429, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"message\": \" Rate Limit Exceeded \"\n}" + }, + { + "id": "0f812e75-9546-4af1-b8af-ca6fa53e62e7", + "name": "Internal Server Error - Returned if there is an unexpected error.", + "originalRequest": { + "method": "POST", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + }, + { + "description": "Added as a part of security scheme: oauth2", + "key": "Authorization", + "value": "" + } + ], + "body": { + "mode": "raw", + "raw": "{\n \"fieldName\": \"fieldValue\"\n}", + "options": { + "raw": { + "headerFamily": "json", + "language": "json" + } + } + }, + "url": { + "raw": "{{baseUrl}}/work-items/:id/submit-account-selection", + "host": [ + "{{baseUrl}}" + ], + "path": [ + "work-items", + ":id", + "submit-account-selection" + ], + "variable": [ + { + "key": "id" + } + ] + } + }, + "status": "Internal Server Error", + "code": 500, + "_postman_previewlanguage": "json", + "header": [ + { + "key": "Content-Type", + "value": "application/json" + } + ], + "cookie": [], + "body": "{\n \"detailCode\": \"500.0 Internal Fault\",\n \"trackingId\": \"b21b1f7ce4da4d639f2c62a57171b427\",\n \"messages\": [\n {\n \"locale\": \"en-US\",\n \"localeOrigin\": \"DEFAULT\",\n \"text\": \"An internal fault occurred.\"\n }\n ]\n}" + } + ] + } + ], + "id": "50876191-03ff-47ed-85f3-794ac5a29ba8", + "description": "Use this API to implement work item functionality. \nWith this functionality in place, users can manage their work items (tasks). \n\nWork items refer to the tasks users see in IdentityNow's Task Manager. \nThey can see the pending work items they need to complete, as well as the work items they have already completed. \nTask Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created. \nFor example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp. \nOnce the user completes the work item, the work item will be listed with his or her other completed work items. \n\nTo complete work items, users can use their dashboards and select the 'My Tasks' widget. \nThe widget will list any work items they need to complete, and they can select the work item from the list to review its details. \nWhen they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items. \n\nRefer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete.\n" + } + ], + "auth": { + "type": "bearer", + "bearer": [ + { + "key": "token", + "value": "{{accessToken}}", + "type": "string" + } + ] + }, + "event": [ + { + "listen": "prerequest", + "script": { + "id": "25337bb0-5b0f-4937-a4b2-a1c78bb15e78", + "type": "text/javascript", + "exec": [ + "const domain = pm.environment.get('domain') ? pm.environment.get('domain') : pm.collectionVariables.get('domain')", + "const tokenUrl = 'https://' + pm.environment.get('tenant') + '.api.' + domain + '.com/oauth/token';", + "const clientId = pm.environment.get('clientId');", + "const clientSecret = pm.environment.get('clientSecret');", + "", + "const getTokenRequest = {", + " method: 'POST',", + " url: tokenUrl,", + " body: {", + " mode: 'formdata',", + " formdata: [{", + " key: 'grant_type',", + " value: 'client_credentials'", + " },", + " {", + " key: 'client_id',", + " value: clientId", + " },", + " {", + " key: 'client_secret',", + " value: clientSecret", + " }", + " ]", + " }", + "};", + "", + "", + "var moment = require('moment');", + "if (!pm.environment.has('tokenExpTime')) {", + " pm.environment.set('tokenExpTime', moment());", + "}", + "", + "if (moment(pm.environment.get('tokenExpTime')) <= moment() || !pm.environment.get('tokenExpTime') || !pm.environment.get('accessToken')) {", + " var time = moment();", + " time.add(12, 'hours');", + " pm.environment.set('tokenExpTime', time);", + " pm.sendRequest(getTokenRequest, (err, response) => {", + " const jsonResponse = response.json();", + " const newAccessToken = jsonResponse.access_token;", + " pm.environment.set('accessToken', newAccessToken);", + " });", + "", + "}" + ] + } + }, + { + "listen": "test", + "script": { + "id": "892cdc3d-9c56-4919-b572-9af99f4c6190", + "type": "text/javascript", + "exec": [ + "" + ] + } + } + ], + "variable": [ + { + "id": "d7bd206a-3f3f-4195-adcd-d2c1e5d3fb9b", + "key": "domain", + "value": "identitynow", + "type": "any" + }, + { + "id": "37c03fe1-68b0-4a28-9a2a-283a7ca432c4", + "key": "baseUrl", + "value": "https://{{tenant}}.api.{{domain}}.com/v3", + "type": "any" + } + ] +} \ No newline at end of file diff --git a/postman/schemas/deref-sailpoint-api.v3.yaml b/postman/schemas/deref-sailpoint-api.v3.yaml new file mode 100644 index 0000000..f2bbef4 --- /dev/null +++ b/postman/schemas/deref-sailpoint-api.v3.yaml @@ -0,0 +1,102698 @@ +openapi: 3.0.1 +info: + title: IdentityNow V3 API + description: 'Use these APIs to interact with the IdentityNow platform to achieve repeatable, automated processes with greater scalability. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.' + termsOfService: 'https://developer.sailpoint.com/discuss/tos' + contact: + name: Developer Relations + url: 'https://developer.sailpoint.com/discuss/api-help' + license: + name: MIT + url: 'https://opensource.org/licenses/MIT' + version: 3.0.0 +servers: + - url: 'https://{tenant}.api.identitynow.com/v3' + description: This is the production API server. + variables: + tenant: + default: sailpoint + description: 'This is the name of your tenant, typically your company''s name.' +tags: + - name: Access Profiles + description: | + Use this API to implement and customize access profile functionality. + With this functionality in place, administrators can create access profiles and configure them for use throughout IdentityNow, enabling users to get the access they need quickly and securely. + + Access profiles group entitlements, which represent access rights on sources. + + For example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. + + An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. + + When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. + + When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. + + Access profiles are the most important units of access in IdentityNow. IdentityNow uses access profiles in many features, including the following: + + - Provisioning: When you use the Provisioning Service, lifecycle states and roles both grant access to users in the form of access profiles. + + - Certifications: You can approve or revoke access profiles in certification campaigns, just like entitlements. + + - Access Requests: You can assign access profiles to applications, and when a user requests access to the app associated with an access profile and someone approves the request, access is granted to both the application and its associated access profile. + + - Roles: You can group one or more access profiles into a role to quickly assign access items based on an identity's role. + + In IdentityNow, administrators can use the Access drop-down menu and select Access Profiles to view, configure, and delete existing access profiles, as well as create new ones. + Administrators can enable and disable an access profile, and they can also make the following configurations: + + - Manage Entitlements: Manage the profile's access by adding and removing entitlements. + + - Access Requests: Configure access profiles to be requestable and establish an approval process for any requests that the access profile be granted or revoked. + Do not configure an access profile to be requestable without first establishing a secure access request approval process for the access profile. + + - Multiple Account Options: Define the logic IdentityNow uses to provision access to an identity with multiple accounts on the source. + + Refer to [Managing Access Profiles](https://documentation.sailpoint.com/saas/help/access/access-profiles.html) for more information about access profiles. + - name: Access Request Approvals + description: | + Use this API to implement and customize access request approval functionality. + With this functionality in place, administrators can delegate qualified users to review users' requests for access or managers' requests to revoke team members' access to applications, entitlements, or roles. + This enables more qualified users to review access requests and the others to spend their time on other tasks. + + In IdentityNow, users can request access to applications, entitlements, and roles, and managers can request that team members' access be revoked. + For applications and entitlements, administrators can set access profiles to require approval from the access profile owner, the application owner, the source owner, the requesting user's manager, or a governance group for access to be granted or revoked. + For roles, administrators can also set roles to allow access requests and require approval from the role owner, the requesting user's manager, or a governance group for access to be granted or revoked. + If the administrator designates a governance group as the required approver, any governance group member can approve the requests. + + When a user submits an access request, IdentityNow sends the first required approver in the queue an email notification, based on the access request configuration's approval and reminder escalation configuration. + + In Approvals in IdentityNow, required approvers can view pending access requests under the Requested tab and approve or deny them, or the approvers can reassign the requests to different reviewers for approval. + If the required approver approves the request and is the only reviewer required, IdentityNow grants or revokes access, based on the request. + If multiple reviewers are required, IdentityNow sends the request to the next reviewer in the queue, based on the access request configuration's approval reminder and escalation configuration. + The required approver can then view any completed access requests under the Reviewed tab. + + Refer to [Access Requests](https://documentation.sailpoint.com/saas/help/requests/index.html) for more information about access request approvals. + - name: Access Requests + description: | + Use this API to implement and customize access request functionality. + With this functionality in place, users can request access to applications, entitlements, or roles, and managers can request that team members' access be revoked. + This allows users to get access to the tools they need quickly and securely, and it allows managers to take away access to those tools. + + IdentityNow's Access Request service allows end users to request access that requires approval before it can be granted to users and enables qualified users to review those requests and approve or deny them. + + In the Request Center in IdentityNow, users can view available applications, roles, and entitlements and request access to them. + If the requested tools requires approval, the requests appear as 'Pending' under the My Requests tab until the required approver approves, rejects, or cancels them. + + Users can use My Requests to track and/or cancel the requests. + + In My Team on the IdentityNow Home, managers can submit requests to revoke their team members' access. + They can use the My Requests tab under Request Center to track and/or cancel the requests. + + Refer to [Requesting Access](https://documentation.sailpoint.com/saas/user-help/requests/requesting_access.html) for more information about access requests. + - name: Accounts + description: | + Use this API to implement and customize account functionality. + With this functionality in place, administrators can manage users' access across sources in IdentityNow. + + In IdentityNow, an account refers to a user's account on a supported source. + This typically includes a unique identifier for the user, a unique password, a set of permissions associated with the source and a set of attributes. IdentityNow loads accounts through the creation of sources in IdentityNow. + + Administrators can correlate users' identities with the users' accounts on the different sources they use. + This allows IdentityNow to govern the access of identities and all their correlated accounts securely and cohesively. + + To view the accounts on a source and their correlated identities, administrators can use the Connections drop-down menu, select Sources, select the relevant source, and select its Account tab. + + To view and edit source account statuses for an identity in IdentityNow, administrators can use the Identities drop-down menu, select Identity List, select the relevant identity, and select its Accounts tab. + Administrators can toggle an account's Actions to aggregate the account, enable/disable it, unlock it, or remove it from the identity. + + Accounts can have the following statuses: + + - Enabled: The account is enabled. The user can access it. + + - Disabled: The account is disabled, and the user cannot access it, but the identity is not disabled in IdentityNow. This can occur when an administrator disables the account or when the user's lifecycle state changes. + + - Locked: The account is locked. This may occur when someone has entered an incorrect password for the account too many times. + + - Pending: The account is currently updating. This status typically lasts seconds. + + Administrators can select the source account to view its attributes, entitlements, and the last time the account's password was changed. + + Refer to [Managing User Accounts](https://documentation.sailpoint.com/saas/help/common/users/user_access.html#managing-user-accounts) for more information about accounts. + - name: Account Activities + description: | + Use this API to implement account activity tracking functionality. + With this functionality in place, users can track source account activity in IdentityNow, which greatly improves traceability in the system. + + An account activity refers to a log of each action performed on a source account. This is useful for auditing the changes performed on an account throughout its life. + In IdentityNow's Search, users can search for account activities and select the activity's row to get an overview of the activity's account action and view its progress, its involved sources, and its most basic metadata, such as the identity requesting the option and the recipient. + + Account activity includes most actions IdentityNow completes on source accounts. Users can search in IdentityNow for the following account action types: + + - Access Request: These include any access requests the source account is involved in. + + - Account Attribute Updates: These include updates to a single attribute on an account on a source. + + - Account State Update: These include locking or unlocking actions on an account on a source. + + - Certification: These include actions removing an entitlement from an account on a source as a result of the entitlement's revocation during a certification. + + - Cloud Automated `Lifecyclestate`: These include automated lifecycle state changes that result in a source account's correlated identity being assigned to a different lifecycle state. + IdentityNow replaces the `Lifecyclestate` variable with the name of the lifecycle state it has moved the account's identity to. + + - Identity Attribute Update: These include updates to a source account's correlated identity attributes as the result of a provisioning action. + When you update an identity attribute that also updates an identity's lifecycle state, the cloud automated `Lifecyclestate` event also displays. + Account Activity does not include attribute updates that occur as a result of aggregation. + + - Identity Refresh: These include correlated identity refreshes that occur for an account on a source whenever the account's correlated identity profile gets a new role or updates. + These also include refreshes that occur whenever IdentityNow assigns an application to the account's correlated identity based on the application's being assigned to All Users From Source or Specific Users From Source. + + - Lifecycle State Refresh: These include the actions that took place when a lifecycle state changed. This event only occurs after a cloud automated `Lifecyclestate` change or a lifecycle state change. + + - Lifecycle State Change: These include the account activities that result from an identity's manual assignment to a null lifecycle state. + + - Password Change: These include password changes on sources. + + Refer to [Account Activity](https://documentation.sailpoint.com/saas/help/search/index.html#account-activity) for more information about account activities. + - name: Certifications + description: | + Use this API to implement certification functionality. + With this functionality in place, administrators and designated certification reviewers can review users' access certifications and decide whether to approve access, revoke it, or reassign the review to another reviewer. + Implementing certifications improves organizations' data security by reducing inappropriate access through a distributed review process and helping them satisfy audit and regulatory requirements. + + A certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. + These serve as a way of showing that a user's access has been reviewed and approved. + Multiple certifications by different reviewers are often required to approve a user's access. + A set of multiple certifications is called a certification campaign. + + For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. + Once this certification has been completed, IdentityNow would provision all the access the user needs, nothing more. + + Organization administrators or certification administrators can designate other IdentityNow users as certification reviewers. + Those reviewers can select the 'Certifications' tab to view any of the certifications they either need to review or have already reviewed under the 'Active' and 'Completed' tabs, respectively. + + When a certification campaign is in progress, certification reviewers will see certifications listed under 'Active,' where they can review the involved identities. + Under the 'Decision' column on the right, next to each access item, reviewers can select the checkmark to approve access, select the 'X' to revoke access, or they can toggle the 'More Options' menu to reassign the certification to another reviewer and provide a reason for reassignment in the form of a comment. + + Once a reviewer has made decisions on all the certification's involved access items, he or she must select 'Sign Off' to complete the review process. + Doing so converts the certification into read-only status, preventing any further changes to the review decisions and deleting the work item (task) from the reviewer's list of work items. + + Once all the reviewers have signed off, the certification campaign either completes or, if any reviewers decided to revoke access for any of the involved identities, it moves into a remediation phase. In the remediation phase, identities' entitlements are altered to remove any entitlements marked for revocation. + In this situation, the certification campaign completes once all the remediation requests are completed. + + Refer to [Certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) for more information about certifications. + - name: Certification Summaries + description: | + Use this API to implement certification summary functionality. + With this functionality in place, administrators and designated certification reviewers can review summaries of identity certification campaigns and draw conclusions about the campaigns' scope, security, and effectiveness. + Implementing certification summary functionality improves organizations' ability to review their [certifications](https://documentation.sailpoint.com/saas/user-help/certifications.html) and helps them satisfy audit and regulatory requirements by enabling them to trace access changes and the decisions made in their review processes. + + A certification refers to IdentityNow's mechanism for reviewing a user's access to entitlements (sets of permissions) and approving or removing that access. + These certifications serve as a way of showing that a user's access has been reviewed and approved. + Multiple certifications by different reviewers are often required to approve a user's access. + A set of multiple certifications is called a certification campaign. + + For example, an organization may use a Manager Certification as a way of showing that a user's access has been reviewed and approved by their manager, or if the certification is part of a campaign, that the user's access has been reviewed and approved by multiple managers. + Once this certification has been completed, IdentityNow would provision all the access the user needs, nothing more. + + Certification summaries provide information about identity certification campaigns such as the identities involved, the number of decisions made, and the access changed. + For example, an administrator or designated certification reviewer can examine the Manager Certification campaign to get an overview of how many entitlement decisions are made in that campaign as opposed to role decisions, which identities would be affected by changes to the campaign, and how those identities' access would be affected. + - name: Lifecycle States + description: | + Use this API to implement and customize lifecycle state functionality. + With this functionality in place, administrators can create and configure custom lifecycle states for use across their organizations, which is key to controlling which users have access, when they have access, and the access they have. + + A lifecycle state describes a user's status in a company. For example, two lifecycle states come by default with IdentityNow: 'Active' and 'Inactive.' + When an active employee takes an extended leave of absence from a company, his or her lifecycle state may change to 'Inactive,' for security purposes. + The inactive employee would lose access to all the applications, sources, and sensitive data during the leave of absence, but when the employee returns and becomes active again, all that access would be restored. + This saves administrators the time that would otherwise be spent provisioning the employee's access to each individual tool, reviewing the employee's certification history, etc. + + Administrators can create a variety of custom lifecycle states. Refer to [Planning New Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#planning-new-lifecycle-states) for some custom lifecycle state ideas. + + Administrators must define the criteria for being in each lifecycle state, and they must define how IdentityNow manages users' access to apps and sources for each lifecycle state. + + In IdentityNow, administrators can manage lifecycle states by going to Admin > Identities > Identity Profile, selecting the identity profile whose lifecycle states they want to manage, selecting the 'Provisioning' tab, and using the left panel to either select the lifecycle state they want to modify or create a new lifecycle state. + + In the 'Provisioning' tab, administrators can make the following access changes to an identity profile's lifecycle state: + + - Enable/disable the lifecycle state for the identity profile. + + - Enable/disable source accounts for the identity profile's lifecycle state. + + - Add existing access profiles to grant to the identity profiles in that lifecycle state. + + - Create a new access profile to grant to the identity profile in that lifecycle state. + + Access profiles granted in a previous lifecycle state are automatically revoked when the identity moves to a new lifecycle state. + To maintain access across multiple lifecycle states, administrators must grant the access profiles in each lifecycle state. + For example, if an administrator wants users with the 'HR Employee' identity profile to maintain their building access in both the 'Active' and 'Leave of Absence' lifecycle states, the administrator must grant the access profile for that building access to both lifecycle states. + + During scheduled refreshes, IdentityNow evaluates lifFecycle states to determine whether their assigned identities have the access defined in the lifecycle states' access profiles. + If the identities are missing access, IdentityNow provisions that access. + + Administrators can also use the 'Provisioning' tab to configure email notifications for IdentityNow to send whenever an identity with that identity profile has a lifecycle state change. + Refer to [Configuring Lifecycle State Notifications](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#configuring-lifecycle-state-notifications) for more information on how to do so. + + An identity's lifecycle state can have four different statuses: the lifecycle state's status can be 'Active,' it can be 'Not Set,' it can be 'Not Valid,' or it 'Does Not Match Technical Name Case.' + Refer to [Moving Identities into Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html#moving-identities-into-lifecycle-states) for more information about these different lifecycle state statuses. + + Refer to [Setting Up Lifecycle States](https://documentation.sailpoint.com/saas/help/provisioning/lifecycle.html) for more information about lifecycle states. + - name: Identity Profiles + description: | + Use this API to implement identity profile functionality. + With this functionality in place, administrators can view identity profiles and their configurations. + + Identity profiles represent the configurations that can be applied to identities as a way of granting them a set of security and access, as well as defining the mappings between their identity attributes and their source attributes. + + In IdentityNow, administrators can use the Identities drop-down menu and select Identity Profiles to view the list of identity profiles. + This list shows some details about each identity profile, along with its status. + They can select an identity profile to view its settings, its mappings between identity attributes and correlating source account attributes, and its provisioning settings. + + Refer to [Creating Identity Profiles](https://documentation.sailpoint.com/saas/help/setup/identity_profiles.html) for more information about identity profiles. + - name: Non-Employee Lifecycle Management + description: | + Use this API to implement non-employee lifecycle management functionality. + With this functionality in place, administrators can create non-employee records and configure them for use in their organizations. + This allows organizations to provide secure access to non-employees and control that access. + + The 'non-employee' term refers to any consultant, contractor, intern, or other user in an organization who is not a full-time permanent employee. + Organizations can track non-employees' access and activity in IdentityNow by creating and maintaining non-employee sources. + Organizations can have a maximum of 50 non-employee sources. + + By using SailPoint's Non-Employee Lifecycle Management functionality, you agree to the following: + + - SailPoint is not responsible for storing sensitive data. + You may only add account attributes to non-employee identities that are necessary for business operations and are consistent with your contractual limitations on data that may be sent or stored in IdentityNow. + + - You are responsible for regularly downloading your list of non-employee accounts for all the sources you create and storing this list of accounts in a managed location to maintain an authoritative system of record and backup data for these accounts. + + To manage non-employees in IdentityNow, administrators must create a non-employee source and add accounts to the source. + + To create a non-employee source in IdentityNow, administrators must use the Admin panel to go to Connections > Sources. + They must then specify 'Non-Employee' in the 'Source Type' field. + Refer to [Creating a Non-Employee Source](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#creating-a-non-employee-source) for more details about how to create non-employee sources. + + To add accounts to a non-employee source in IdentityNow, administrators can select the non-employee source and add the accounts. + They can also use the 'Manage Non-Employees' widget on their user dashboards to reach the list of sources and then select the non-employee source they want to add the accounts to. + + Administrators can either add accounts individually or in bulk. Each non-employee source can have a maximum of 20,000 accounts. + To add accounts in bulk, they must select the 'Bulk Upload' option and upload a CSV file. + Refer to [Adding Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html#adding-accounts) for more details about how to add accounts to non-employee sources. + + Once administrators have created the non-employee source and added accounts to it, they can create identity profiles to generate identities for the non-employee accounts and manage the non-employee identities the same way they would any other identities. + + Refer to [Managing Non-Employee Sources and Accounts](https://documentation.sailpoint.com/saas/help/common/non-employee-mgmt.html) for more information about non-employee lifecycle management. + - name: OAuth Clients + description: | + Use this API to implement OAuth client functionality. + With this functionality in place, users with the appropriate security scopes can create and configure OAuth clients to use as a way to obtain authorization to use the IdentityNow REST API. + Refer to [Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information about OAuth and how it works with the IdentityNow REST API. + - name: Password Management + description: | + Use this API to implement password management functionality. + With this functionality in place, users can manage their identity passwords for all their applications. + + In IdentityNow, users can select their names in the upper right corner of the page and use the drop-down menu to select Password Manager. + Password Manager lists the user's identity's applications, possibly grouped to share passwords. + Users can then select 'Change Password' to update their passwords. + + Grouping passwords allows users to update their passwords more broadly, rather than requiring them to update each password individually. + Password Manager may list the applications and sources in the following groups: + + - Password Group: This refers to a group of applications that share a password. + For example, a user can use the same password for Google Drive, Google Mail, and YouTube. + Updating the password for the password group updates the password for all its included applications. + + - Multi-Application Source: This refers to a source with multiple applications that share a password. + For example, a user can have a source, G Suite, that includes the Google Calendar, Google Drive, and Google Mail applications. + Updating the password for the multi-application source updates the password for all its included applications. + + - Applications: These are applications that do not share passwords with other applications. + + An organization may require some authentication for users to update their passwords. + Users may be required to answer security questions or use a third-party authenticator before they can confirm their updates. + + Refer to [Managing Passwords](https://documentation.sailpoint.com/saas/user-help/accounts/passwords.html) for more information about password management. + - name: Password Dictionary + description: | + Use this API to implement password dictionary functionality. + With this functionality in place, administrators can create password dictionaries to prevent users from using certain words or characters in their passwords. + + A password dictionary is a list of words or characters that users are prevented from including in their passwords. + This can help protect users from themselves and force them to create passwords that are not easy to break. + + A password dictionary must meet the following requirements to for the API to handle them correctly: + + - It must be in .txt format. + + - All characters must be UTF-8 characters. + + - Each line must contain a single word or character with no spaces or whitespace characters. + + - It must contain at least one line other than the locale string. + + - Each line must not exceed 128 characters. + + - The file must not exceed 2500 lines. + + Administrators should also consider the following when they create their dictionaries: + + - Lines starting with a # represent comments. + + - All words in the password dictionary are case-insensitive. + For example, adding the word "password" to the dictionary also disallows the following: PASSWORD, Password, and PassWord. + + - The dictionary uses substring matching. + For example, adding the word "spring" to the dictionary also disallows the following: Spring124, 345SprinG, and 8spring. + Users can then select 'Change Password' to update their passwords. + + Administrators must do the following to create a password dictionary: + + - Create the text file that will contain the prohibited password values. + + - If the dictionary is not in English, they must add a locale string to the top line: locale:`languageCode`_`countryCode` + + The languageCode value refers to the language's 2-letter ISO 639-1 code. + The countryCode value refers to the country's 2-letter ISO 3166-1 code. + + Refer to this list https://docs.oracle.com/cd/E13214_01/wli/docs92/xref/xqisocodes.html to see all the available ISO 639-1 language codes and ISO 3166-1 country codes. + + - Upload the .txt file to IdentityNow with [Update Password Dictionary](https://developer.sailpoint.com/idn/api/beta/update-password-dictionary). Uploading a new file always overwrites the previous dictionary file. + + Administrators can then specify which password policies check new passwords against the password dictionary by doing the following: In the Admin panel, they can use the Password Mgmt dropdown menu to select Policies, select the policy, and select the 'Prevent use of words in this site's password dictionary' checkbox beside it. + + Refer to [Configuring Advanced Password Management Options](https://documentation.sailpoint.com/saas/help/pwd/adv_config.html) for more information about password dictionaries. + - name: Personal Access Tokens + description: | + Use this API to implement personal access token (PAT) functionality. + With this functionality in place, users can use PATs as an alternative to passwords for authentication in IdentityNow. + + PATs embed user information into the client ID and secret. + This replaces the API clients' need to store and provide a username and password to establish a connection, improving IdentityNow organizations' integration security. + + In IdentityNow, users can do the following to create and manage their PATs: Select the dropdown menu under their names, select Preferences, and then select Personal Access Tokens. + They must then provide a description about the token's purpose. + They can then select 'Create Token' at the bottom of the page to generate and view the Secret and Client ID. + + Refer to [Managing Personal Access Tokens](https://documentation.sailpoint.com/saas/help/common/generate_tokens.html) for more information about PATs. + - name: Public Identities + description: | + Use this API in conjunction with [Public Identites Config](https://developer.sailpoint.com/idn/api/v3/public-identities-config) to enable non-administrators to view identities' publicly visible attributes. + With this functionality in place, non-administrators can view identity attributes other than the default attributes (email, lifecycle state, and manager), depending on which identity attributes their organization administrators have made public. + This can be helpful for access approvers, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks. + - name: Public Identities Config + description: | + Use this API to implement public identity configuration functionality. + With this functionality in place, administrators can make up to 5 identity attributes publicly visible so other non-administrator users can see the relevant information they need to make decisions. + This can be helpful for approvers making approvals, certification reviewers, managers viewing their direct reports' access, and source owners viewing their tasks. + + By default, non-administrators can select an identity and view the following attributes: email, lifecycle state, and manager. + However, it may be helpful for a non-administrator reviewer to see other identity attributes like department, region, title, etc. + Administrators can use this API to make those necessary identity attributes public to non-administrators. + + For example, a non-administrator deciding whether to approve another identity's request for access to the Workday application, whose access may be restricted to members of the HR department, would want to know whether the identity is a member of the HR department. + If an administrator has used [Update Public Identity Config](https://developer.sailpoint.com/idn/api/v3/update-public-identity-config) to make the "department" attribute public, the approver can see the department and make a decision without requesting any more information. + - name: Requestable Objects + description: | + Use this API to implement requestable object functionality. + With this functionality in place, administrators can determine which access items can be requested with the [Access Request APIs](https://developer.sailpoint.com/idn/api/v3/access-requests), along with their statuses. + This can be helpful for administrators who are implementing and customizing access request functionality as a way of checking which items are requestable as they are created, assigned, and made available. + - name: Roles + description: | + Use this API to implement and customize role functionality. + With this functionality in place, administrators can create roles and configure them for use throughout IdentityNow. + IdentityNow can use established criteria to automatically assign the roles to qualified users. This enables users to get all the access they need quickly and securely and administrators to spend their time on other tasks. + + Entitlements represent the most granular level of access in IdentityNow. + Access profiles represent the next level and often group entitlements. + Roles represent the broadest level of access and often group access profiles. + + For example, an Active Directory source in IdentityNow can have multiple entitlements: the first, 'Employees,' may represent the access all employees have at the organization, and a second, 'Developers,' may represent the access all developers have at the organization. + + An administrator can then create a broader set of access in the form of an access profile, 'AD Developers' grouping the 'Employees' entitlement with the 'Developers' entitlement. + + An administrator can then create an even broader set of access in the form of a role grouping the 'AD Developers' access profile with another profile, 'GitHub Developers,' grouping entitlements for the GitHub source. + + When users only need Active Directory employee access, they can request access to the 'Employees' entitlement. + + When users need both Active Directory employee and developer access, they can request access to the 'AD Developers' access profile. + + When users need both the 'AD Developers' access profile and the 'GitHub Developers' access profile, they can request access to the role grouping both. + + Roles often represent positions within organizations. + For example, an organization's accountant can access all the tools the organization's accountants need with the 'Accountant' role. + If the accountant switches to engineering, a qualified member of the organization can quickly revoke the accountant's 'Accountant' access and grant access to the 'Engineer' role instead, granting access to all the tools the organization's engineers need. + + In IdentityNow, adminstrators can use the Access drop-down menu and select Roles to view, configure, and delete existing roles, as well as create new ones. + Administrators can enable and disable the role, and they can also make the following configurations: + + - Manage Access: Manage the role's access by adding or removing access profiles. + + - Define Assignment: Define the criteria IdentityNow uses to assign the role to identities. + Use the first option, 'Standard Criteria,' to provide specific criteria for assignment like specific account attributes, entitlements, or identity attributes. + Use the second, 'Identity List,' to specify the identities for assignment. + + - Access Requests: Configure roles to be requestable and establish an approval process for any requests that the role be granted or revoked. + Do not configure a role to be requestable without establishing a secure access request approval process for that role first. + + Refer to [Working with Roles](https://documentation.sailpoint.com/saas/help/provisioning/roles.html) for more information about roles. + - name: Saved Search + description: | + Use this API to implement saved search functionality. + With saved search functionality in place, users can save search queries and then view those saved searches, as well as rerun them. + + Search queries in IdentityNow can grow very long and specific, which can make reconstructing them difficult or tedious, so it can be especially helpful to save search queries. + It also opens the possibility to configure IdentityNow to run the saved queries on a schedule, which is essential to detecting user information and access changes throughout an organization's tenant and across all its sources. + Refer to [Scheduled Search](https://developer.sailpoint.com/idn/api/v3/scheduled-search) for more information about running saved searches on a schedule. + + In IdentityNow, users can save searches under a name, and then they can access that saved search and run it again when they want. + + Refer to [Managing Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html) for more information about saving searches and using them. + - name: Scheduled Search + description: | + Use this API to implement scheduled search functionality. + With scheduled search functionality in place, users can run saved search queries on their tenants on a schedule, and IdentityNow emails them the search results. + Users can also share these search results with other users by email by adding those users as subscribers, or those users can subscribe themselves. + + One of the greatest benefits of saving searches is the ability to run those searches on a schedule. + This is essential for organizations to constantly detect any changes to user information or access throughout their tenants and across all their sources. + For example, the manager Amanda Ross can schedule a saved search "manager.name:amanda.ross AND attributes.location:austin" on a schedule to regularly stay aware of changes with the Austin employees reporting to her. + IdentityNow emails her the search results when the search runs, so she can work on other tasks instead of actively running this search. + + In IdentityNow, scheduling a search involves a subscription. + Users can create a subscription for a saved search and schedule it to run daily, weekly, or monthly (you can only use one schedule option at a time). + The user can add other identities as subscribers so when the scheduled search runs, the subscribers and the user all receive emails. + + By default, subscriptions exclude detailed results from the emails, for security purposes. + Including detailed results about user access in an email may expose sensitive information. + However, the subscription creator can choose to include the information in the emails. + + By default, IdentityNow sends emails to the subscribers even when the searches do not return new results. + However, the subscription creator can choose to suppress these empty emails. + + Users can also subscribe to saved searches that already have existing subscriptions so they receive emails when the searches run. + A saved search can have up to 10 subscriptions configured at a time. + + The subscription creator can enable, disable, or delete the subscription. + + Refer to [Subscribing to Saved Searches](https://documentation.sailpoint.com/saas/help/search/saved-searches.html#subscribing-to-saved-searches) for more information about scheduling searches and subscribing to them. + - name: Search + description: | + Use this API to implement search functionality. + With search functionality in place, users can search their tenants for nearly any information from throughout their organizations. + + IdentityNow enables organizations to store user data from across all their connected sources and manage the users' access, so the ability to query and filter that data is essential. + Its search goes through all those sources and finds the results quickly and specifically. + + The search query is flexible - it can be very broad or very narrow. + The search only returns results for searchable objects it is filtering for. + The following objects are searchable: identities, roles, access profiles, entitlements, events, and account activities. + By default, no filter is applied, so a search for "Ad" returns both the identity "Adam.Archer" as well as the role "Administrator." + + Users can further narrow their results by using IdentityNow's specific syntax and punctuation to structure their queries. + For example, the query "attributes.location:austin AND NOT manager.name:amanda.ross" returns all results associated with the Austin location, but it excludes those associated with the manager Amanda Ross. + Refer to [Building a Search Query](https://documentation.sailpoint.com/saas/help/search/building-query.html) for more information about how to construct specific search queries. + + Refer to [Using Search](https://documentation.sailpoint.com/saas/help/search/index.html) for more information about IdentityNow's search and its different possibilities. + + The search feature uses Elasticsearch as a datastore and query engine. + The power of Elasticsearch makes this feature suitable for ad-hoc reporting. + However, data from the operational databases (ex. identities, roles, events, etc) has to be ingested into Elasticsearch. + This ingestion process introduces a latency from when the operational data is created to when it is available in search. + Depending on the system load, this can take a few seconds to a few minutes. + Please keep this latency in mind when you use search. + - name: Service Desk Integration + description: | + Use this API to build an integration between IdentityNow and a service desk ITSM (IT service management) solution. + Once an administrator builds this integration between IdentityNow and a service desk, users can use IdentityNow to raise and track tickets that are synchronized between IdentityNow and the service desk. + + In IdentityNow, administrators can create a service desk integration (sometimes also called an SDIM, or Service Desk Integration Module) by going to Admin > Connections > Service Desk and selecting 'Create.' + + To create a Generic Service Desk integration, for example, administrators must provide the required information on the General Settings page, the Connectivity and Authentication information, Ticket Creation information, Status Mapping information, and Requester Source information on the Configure page. + Refer to [Integrating SailPoint with Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) for more information about the process of setting up a Generic Service Desk in IdentityNow. + + Administrators can create various service desk integrations, all with their own nuances. + The following service desk integrations are available: + + - [Atlassian Cloud Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_cloud/help/integrating_jira_cloud_sd/introduction.html) + + - [Atlassian Server Jira Service Management](https://documentation.sailpoint.com/connectors/atlassian/jira_server/help/integrating_jira_server_sd/introduction.html) + + - [BMC Helix ITSM Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_ITSM_sd/help/integrating_bmc_helix_itsm_sd/intro.html) + + - [BMC Helix Remedyforce Service Desk](https://documentation.sailpoint.com/connectors/bmc/helix_remedyforce_sd/help/integrating_bmc_helix_remedyforce_sd/intro.html) + + - [Generic Service Desk](https://documentation.sailpoint.com/connectors/generic_sd/help/integrating_generic_service_desk/intro.html) + + - [ServiceNow Service Desk](https://documentation.sailpoint.com/connectors/servicenow/sdim/help/integrating_servicenow_sdim/intro.html) + + - [Zendesk Service Desk](https://documentation.sailpoint.com/connectors/zendesk/help/integrating_zendesk_sd/introduction.html) + - name: Sources + description: | + Use this API to implement and customize source functionality. + With source functionality in place, organizations can use IdentityNow to connect their various sources and user data sets and manage access across all those different sources in a secure, scalable way. + + [Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) refer to the IdentityNow representations for external applications, databases, and directory management systems that maintain their own sets of users, like Dropbox, GitHub, and Workday, for example. + Organizations may use hundreds, if not thousands, of different source systems, and any one employee within an organization likely has a different user record on each source, often with different permissions on many of those records. + Connecting these sources to IdentityNow makes it possible to manage user access across them all. + Then, if a new hire starts at an organization, IdentityNow can grant the new hire access to all the sources they need. + If an employee moves to a new department and needs access to new sources but no longer needs access to others, IdentityNow can grant the necessary access and revoke the unnecessary access for all the employee's various sources. + If an employee leaves the company, IdentityNow can revoke access to all the employee's various source accounts immediately. + These are just a few examples of the many ways that source functionality makes identity governance easier, more efficient, and more secure. + + In IdentityNow, administrators can create configure, manage, and edit sources, and they can designate other users as source admins to be able to do so. + They can also designate users as source sub-admins, who can perform the same source actions but only on sources associated with their governance groups. + Admins go to Connections > Sources to see a list of the existing source representations in their organizations. + They can create new sources or select existing ones. + + To create a new source, the following must be specified: Source Name, Description, Source Owner, and Connection Type. + Refer to [Configuring a Source](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html#configuring-a-source) for more information about the source configuration process. + + IdentityNow connects with its sources either by a direct communication with the source server (connection information specific to the source must be provided) or a flat file feed, a CSV file containing all the relevant information about the accounts to be loaded in. + Different sources use different connectors to share data with IdentityNow, and each connector's setup process is specific to that connector. + SailPoint has built a number of connectors to come out of the box and connect to the most common sources, and SailPoint actively maintains these connectors. + Refer to [IdentityNow Connectors](https://documentation.sailpoint.com/connectors/identitynow/landingpages/help/landingpages/identitynow_connectivity_landing.html) for more information about these SailPoint supported connectors. + Refer to the following links for more information about two useful connectors: + + - [JDBC Connector](https://documentation.sailpoint.com/connectors/jdbc/help/integrating_jdbc/introduction.html): This customizable connector an directly connect to databases that support JDBC (Java Database Connectivity). + + - [Web Services Connector](https://documentation.sailpoint.com/connectors/webservices/help/integrating_webservices/introduction.html): This connector can directly connect to databases that support Web Services. + + Refer to [SaaS Connectivity](https://developer.sailpoint.com/idn/docs/saas-connectivity) for more information about SailPoint's new connectivity framework that makes it easy to build and manage custom connectors to SaaS sources. + + When admins select existing sources, they can view the following information about the source: + + - Associated connections (any associated identity profiles, apps, or references to the source in a transform). + + - Associated user accounts. These accounts are linked to their identities - this provides a more complete picture of each user's access across sources. + + - Associated entitlements (sets of access rights on sources). + + - Associated access profiles (groupings of entitlements). + + The user account data and the entitlements update with each data aggregation from the source. + Organizations generally run scheduled, automated data aggregations to ensure that their data is always in sync between their sources and their IdentityNow tenants so an access change on a source is detected quickly in IdentityNow. + Admins can view a history of these aggregations, and they can also run manual imports. + Refer to [Loading Account Data](https://documentation.sailpoint.com/saas/help/accounts/loading_data.html) for more information about manual and scheduled aggregations. + + Admins can also make changes to determine which user account data IdentityNow collects from the source and how it correlates that account data with identity data. + To define which account attributes the source shares with IdentityNow, admins can edit the account schema on the source. + Refer to [Managing Source Account Schemas](https://documentation.sailpoint.com/saas/help/accounts/schema.html) for more information about source account schemas and how to edit them. + To define the mapping between the source account attributes and their correlating identity attributes, admins can edit the correlation configuration on the source. + Refer to [Assigning Source Accounts to Identities](https://documentation.sailpoint.com/saas/help/accounts/correlation.html) for more information about this correlation process between source accounts and identities. + + Admins can also delete sources, but they must first ensure that the sources no longer have any active connections: the source must not be associated with any identity profile or any app, and it must not be referenced by any transform. + Refer to [Deleting Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html#deleting-sources) for more information about deleting sources. + + Well organized, mappped out connections between sources and IdentityNow are essential to achieving comprehensive identity access governance across all the source systems organizations need. + Refer to [Managing Sources](https://documentation.sailpoint.com/saas/help/sources/managing_sources.html) for more information about all the different things admins can do with sources once they are connected. + - name: Transforms + description: | + The purpose of this API is to expose functionality for the manipulation of Transform objects. + Transforms are a form of configurable objects which define an easy way to manipulate attribute data without having + to write code. These endpoints don't require API calls to other resources, audit service is used for keeping track + of which users have made changes to the Transforms. + + Refer to [Transforms](https://developer.sailpoint.com/idn/docs/transforms) for more information about transforms. + - name: Work Items + description: | + Use this API to implement work item functionality. + With this functionality in place, users can manage their work items (tasks). + + Work items refer to the tasks users see in IdentityNow's Task Manager. + They can see the pending work items they need to complete, as well as the work items they have already completed. + Task Manager lists the work items along with the involved sources, identities, accounts, and the timestamp when the work item was created. + For example, a user may see a pending 'Create an Account' work item for the identity Fred.Astaire in GitHub for Fred's GitHub account, fred-astaire-sp. + Once the user completes the work item, the work item will be listed with his or her other completed work items. + + To complete work items, users can use their dashboards and select the 'My Tasks' widget. + The widget will list any work items they need to complete, and they can select the work item from the list to review its details. + When they complete the work item, they can select 'Mark Complete' to add it to their list of completed work items. + + Refer to [Task Manager](https://documentation.sailpoint.com/saas/user-help/task_manager.html) for more information about work items, including the different types of work items users may need to complete. +paths: + /access-profiles: + get: + operationId: listAccessProfiles + tags: + - Access Profiles + summary: List Access Profiles + description: |- + This API returns a list of Access Profiles. + + A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: for-subadmin + schema: + type: string + description: |- + If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity's ID. + + A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin. + example: 8c190e6787aa4ed9a90bd9d5344523fb + required: false + - in: query + name: limit + description: |- + Note that for this API the maximum value for limit is 50. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 50 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 50 + default: 50 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq, sw* + + **created, modified**: *gt, lt, ge, le* + + **owner.id**: *eq, in* + + **requestable**: *eq* + + **source.id**: *eq, in* + example: name eq "SailPoint Support" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name, created, modified** + example: 'name,-modified' + required: false + - in: query + name: for-segment-ids + schema: + type: string + format: comma-separated + description: |- + If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs. + + If segmentation is currently unavailable, specifying this parameter results in an error. + example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d' + required: false + - in: query + name: include-unsegmented + schema: + type: boolean + default: true + description: 'Whether or not the response list should contain unsegmented Access Profiles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.' + example: false + required: false + responses: + '200': + description: List of Access Profiles + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:read' + post: + operationId: createAccessProfile + tags: + - Access Profiles + summary: Create an Access Profile + description: |- + This API creates an Access Profile. + A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the Access Profile's Source. + The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + responses: + '201': + description: Access Profile created + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:manage' + '/access-profiles/{id}': + get: + operationId: getAccessProfile + tags: + - Access Profiles + summary: Get an Access Profile + description: |- + This API returns an Access Profile by its ID. + + A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: path + name: id + required: true + schema: + type: string + description: ID of the Access Profile + example: 2c9180837ca6693d017ca8d097500149 + responses: + '200': + description: An AccessProfile + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:read' + patch: + operationId: patchAccessProfile + tags: + - Access Profiles + summary: Patch a specified Access Profile + description: |- + This API updates an existing Access Profile. The following fields are patchable: + **name**, **description**, **enabled**, **owner**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments**, **entitlements**, **provisioningCriteria** + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to administer. + > The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters. + + > You can only add or replace **entitlements** that exist on the source that the access profile is attached to. You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source. + + > Patching the value of the **requestable** field is only supported for customers enabled with the new Request Center. Otherwise, attempting to modify this field results in a 400 error. + parameters: + - name: id + in: path + description: ID of the Access Profile to patch + required: true + schema: + type: string + example: 2c91808a7813090a017814121919ecca + requestBody: + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Add Entitlements: + description: Add one or more entitlements to the end of the list + value: + - op: add + path: /entitlements + value: + - id: 2c9180857725c14301772a93bb77242d + type: ENTITLEMENT + name: AD User Group + Insert Entitlement: + description: Add an entitlement at the beginning of the entitlement list + value: + - op: add + path: /entitlements/0 + value: + id: 2c9180857725c14301772a93bb77242d + type: ENTITLEMENT + name: AD User Group + Replace Entitlements: + description: Replace all entitlements with a new list of entitlements + value: + - op: replace + path: /entitlements + value: + - id: 2c9180857725c14301772a93bb77242d + type: ENTITLEMENT + name: AD User Group + Remove Entitlement: + description: Remove the first entitlement in the list + value: + - op: remove + path: /entitlements/0 + required: true + responses: + '200': + description: Responds with the Access Profile as updated. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + readOnly: true + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + nullable: true + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + created: + type: string + description: Date the Access Profile was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + enabled: + type: boolean + description: Whether the Access Profile is enabled. If the Access Profile is enabled then you must include at least one Entitlement. + example: true + owner: + description: Owner of the Access Profile + type: object + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + source: + type: object + properties: + id: + type: string + description: The ID of the Source with with which the Access Profile is associated + example: 2c91809773dee3610173fdb0b6061ef4 + type: + type: string + enum: + - SOURCE + description: 'The type of the Source, will always be SOURCE' + example: SOURCE + name: + type: string + description: The display name of the associated Source + example: ODS-AD-SOURCE + entitlements: + type: array + description: A list of entitlements associated with the Access Profile. If enabled is false this is allowed to be empty otherwise it needs to contain at least one Entitlement. + items: + type: object + properties: + id: + type: string + description: The ID of the Entitlement + example: 2c91809773dee32014e13e122092014e + type: + type: string + enum: + - ENTITLEMENT + description: 'The type of the Entitlement, will always be ENTITLEMENT' + example: ENTITLEMENT + name: + type: string + description: The display name of the Entitlement + example: 'CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local' + requestable: + type: boolean + description: 'Whether the Access Profile is requestable via access request. Currently, making an Access Profile non-requestable is only supported for customers enabled with the new Request Center. Otherwise, attempting to create an Access Profile with a value **false** in this field results in a 400 error.' + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + nullable: true + items: + type: string + description: 'List of IDs of segments, if any, to which this Access Profile is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + provisioningCriteria: + description: 'When an Identity has multiple Accounts on the Source with which an Access Profile is associated, this expression is evaluated against those Accounts to choose one to provision with the Access Profile.' + nullable: true + example: + operation: OR + children: + - operation: AND + children: + - attribute: dn + operation: CONTAINS + value: useast + - attribute: manager + operation: CONTAINS + value: Scott.Clark + - operation: AND + children: + - attribute: dn + operation: EQUALS + value: Gibson + - attribute: telephoneNumber + operation: CONTAINS + value: '512' + type: object + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + nullable: true + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines matching criteria for an Account to be provisioned with a specific Access Profile + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - HAS + - AND + - OR + description: Supported operations on ProvisioningCriteria + example: EQUALS + attribute: + type: string + description: 'Name of the Account attribute to be tested. If **operation** is one of EQUALS, NOT_EQUALS, CONTAINS, or HAS, this field is required. Otherwise, specifying it is an error.' + example: email + nullable: true + value: + type: string + description: 'String value to test the Account attribute w/r/t the specified operation. If the operation is one of EQUALS, NOT_EQUALS, or CONTAINS, this field is required. Otherwise, specifying it is an error. If the Attribute is not String-typed, it will be converted to the appropriate type.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes.' + example: null + required: + - owner + - name + - source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:manage' + /access-profiles/bulk-delete: + post: + operationId: deleteAccessProfilesInBulk + summary: Delete Access Profile(s) + tags: + - Access Profiles + description: |- + This API initiates a bulk deletion of one or more Access Profiles. + + By default, if any of the indicated Access Profiles are in use, no deletions will be performed and the **inUse** field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is **true**, however, usages are reported in the **inUse** response field but all other indicated Access Profiles will be deleted. + + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a SOURCE_SUBADMIN may only use this API to delete Access Profiles which are associated with Sources they are able to administer. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + accessProfileIds: + description: List of IDs of Access Profiles to be deleted. + type: array + items: + type: string + example: + - 2c9180847812e0b1017817051919ecca + - 2c9180887812e0b201781e129f151816 + bestEffortOnly: + description: 'If **true**, silently skip over any of the specified Access Profiles if they cannot be deleted because they are in use. If **false**, no deletions will be attempted if any of the Access Profiles are in use.' + type: boolean + example: true + example: + bestEffortOnly: true + accessProfileIds: + - 2c91808876438bb2017668b91919ecca + - 2c91808876438ba801766e129f151816 + responses: + '200': + description: 'Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use.' + content: + application/json: + schema: + type: object + properties: + taskId: + type: string + description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status. + example: 2c9180867817ac4d017817c491119a20 + pending: + type: array + description: List of IDs of Access Profiles which are pending deletion. + items: + type: string + example: + - 2c91808876438bbb017668c21919ecca + - 2c91808876438bb201766e129f151816 + inUse: + type: array + description: List of usages of Access Profiles targeted for deletion. + items: + type: object + properties: + accessProfileId: + type: string + description: ID of the Access Profile that is in use + example: 2c91808876438bbb017668c21919ecca + usedBy: + type: array + description: List of references to objects which are using the indicated Access Profile + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + example: + pending: [] + inUse: + - accessProfileId: 2c91808876438ba801766e129f151816 + usages: + - type: Role + id: 2c9180887643764201766e9f6e121518 + '202': + description: Returned if at least one deletion will be performed. + content: + application/json: + schema: + type: object + properties: + taskId: + type: string + description: ID of the task which is executing the bulk deletion. This can be passed to the **/task-status** API to track status. + example: 2c9180867817ac4d017817c491119a20 + pending: + type: array + description: List of IDs of Access Profiles which are pending deletion. + items: + type: string + example: + - 2c91808876438bbb017668c21919ecca + - 2c91808876438bb201766e129f151816 + inUse: + type: array + description: List of usages of Access Profiles targeted for deletion. + items: + type: object + properties: + accessProfileId: + type: string + description: ID of the Access Profile that is in use + example: 2c91808876438bbb017668c21919ecca + usedBy: + type: array + description: List of references to objects which are using the indicated Access Profile + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + example: + taskId: 2c91808a7813090a01781412a1119a20 + pending: + - 2c91808a7813090a017813fe1919ecca + inUse: + - accessProfileId: 2c91808876438ba801766e129f151816 + usages: + - type: Role + id: 2c9180887643764201766e9f6e121518 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:manage' + '/access-profiles/{id}/entitlements': + get: + operationId: getAccessProfileEntitlements + tags: + - Access Profiles + summary: List Access Profile's Entitlements + description: |- + This API lists the Entitlements associated with a given Access Profile + + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition, a token with SOURCE_SUBADMIN authority must have access to the Source associated with the given Access Profile + parameters: + - name: id + in: path + description: ID of the containing Access Profile + required: true + schema: + type: string + example: 2c91808a7813090a017814121919ecca + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following Entitlement fields and operators: + **id**: *eq, in* + + **name**: *eq, sw* + + **attribute**: *eq, sw* + + **value**: *eq, sw* + + **created, modified**: *gt, lt, ge, le* + + **owner.id**: *eq, in* + + **source.id**: *eq, in* + example: attribute eq "memberOf" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name, attribute, value, created, modified** + example: 'name,-modified' + required: false + responses: + '200': + description: List of Entitlements + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The entitlement id + example: 2c91808874ff91550175097daaec161c + name: + type: string + description: The entitlement name + example: LauncherTest2 + attribute: + type: string + description: The entitlement attribute name + example: memberOf + value: + type: string + description: The value of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + sourceSchemaObjectType: + type: string + description: The object type of the entitlement from the source schema + example: group + description: + type: string + description: The description of the entitlement + example: 'CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local' + privileged: + type: boolean + description: True if the entitlement is privileged + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: true + created: + type: string + description: Time when the entitlement was created + format: date-time + example: '2020-10-08T18:33:52.029Z' + modified: + type: string + description: Time when the entitlement was last modified + format: date-time + example: '2020-10-08T18:33:52.029Z' + source: + type: object + properties: + id: + type: string + description: The source ID + example: 2c9180827ca885d7017ca8ce28a000eb + type: + type: string + description: 'The source type, will always be "SOURCE"' + example: SOURCE + name: + type: string + description: The source name + example: ODS-AD-Source + attributes: + type: object + description: A map of free-form key-value pairs from the source system + example: + fieldName: fieldValue + additionalProperties: true + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Entitlement is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + directPermissions: + type: array + items: + type: object + description: 'Simplified DTO for the Permission objects stored in SailPoint''s database. The data is aggregated from customer systems and is free-form, so its appearance can vary largely between different clients/customers.' + properties: + rights: + type: array + description: All the rights (e.g. actions) that this permission allows on the target + readOnly: true + items: + type: string + example: SELECT + target: + type: string + description: The target the permission would grants rights on. + readOnly: true + example: SYS.GV_$TRANSACTION + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:access-profile:read' + /access-requests: + post: + operationId: createAccessRequest + security: + - oauth2: + - 'idn:access-request:create' + summary: Submit an Access Request + tags: + - Access Requests + description: | + This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes. + + Access requests are processed asynchronously by IdentityNow. A success response from this endpoint means the request + has been submitted to IDN and is queued for processing. Because this endpoint is asynchronous, it will not return an error + if you submit duplicate access requests in quick succession, or you submit an access request for access that is already in progress, approved, or rejected. + It is best practice to check for any existing access requests that reference the same access items before submitting a new access request. This can + be accomplished by using the [access request status](https://developer.sailpoint.com/idn/api/v3/list-access-request-status) or the [pending access request approvals](https://developer.sailpoint.com/idn/api/v3/list-pending-approvals) endpoints. You can also + use the [search API](https://developer.sailpoint.com/idn/api/v3/search) to check the existing access items that an identity has before submitting + an access request to ensure you are not requesting access that is already granted. + + There are two types of access request: + + __GRANT_ACCESS__ + * Can be requested for multiple identities in a single request. + * Supports self request and request on behalf of other users, see '/beta/access-request-config' endpoint for request configuration options. + * Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others. + * Roles, Access Profiles and Entitlements can be requested. + * While requesting entitlements, maximum of 25 entitlements and 10 recipients are allowed in a request. + + __REVOKE_ACCESS__ + * Can only be requested for a single identity at a time. + * Does not support self request. Only manager can request to revoke access for their directly managed employees. + * If removeDate is specified, then the access will be removed on that date and time only for Roles and Access Profiles. Entitlements are currently unsupported for removeDate. + * Roles, Access Profiles, and Entitlements can be requested for revocation. + * Revoke requests for entitlements are limited to 1 entitlement per access request currently. + * [Roles, Access Profiles] RemoveData can be specified only if access don't have a sunset date. + * Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone. + + NOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API. + + A token with API authority cannot be used to call this endpoint. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + requestedFor: + description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.' + type: array + items: + type: string + example: 2c918084660f45d6016617daa9210584 + requestType: + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. + example: GRANT_ACCESS + requestedItems: + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of the item being requested. + example: ACCESS_PROFILE + id: + type: string + description: 'ID of Role, Access Profile or Entitlement being requested.' + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: | + Comment provided by requester. + * Comment is required when the request is of type Revoke Access. + example: Requesting access profile for John Doe + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. + removeDate: + type: string + description: | + The date the role or access profile is no longer assigned to the specified identity. + * Specify a date in the future. + * The current SLA for the deprovisioning is 24 hours. + * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. + * Currently it is not supported for entitlements. + * If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements. + format: date-time + example: '2020-07-11T21:23:15.000Z' + required: + - id + - type + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. + required: + - requestedFor + - requestedItems + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-requests/cancel: + post: + operationId: cancelAccessRequest + tags: + - Access Requests + summary: Cancel Access Request + description: |- + This API endpoint cancels a pending access request. An access request can be cancelled only if it has not passed the approval step. + Any token with ORG_ADMIN authority or token of the user who originally requested the access request is required to cancel it. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Request body payload for cancel access request endpoint. + required: + - accountActivityId + - comment + properties: + accountActivityId: + type: string + description: ID of the account activity object corresponding to the access request. + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: Reason for cancelling the pending access request. + example: I requested this role by mistake. + example: + accountActivityId: 2c91808568c529c60168cca6f90c1313 + comment: I requested this role by mistake. + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-config: + get: + operationId: getAccessRequestConfig + summary: Get Access Request Configuration + tags: + - Access Requests + description: This endpoint returns the current access-request configuration. + responses: + '200': + description: Access Request Configuration Details. + content: + application/json: + schema: + type: object + properties: + approvalsMustBeExternal: + type: boolean + description: 'If true, then approvals must be processed by external system.' + example: true + autoApprovalEnabled: + type: boolean + description: 'If true and requester and reviewer are the same, then automatically approve the approval.' + example: true + requestOnBehalfOfConfig: + description: Request On Behalf Of Configuration. + type: object + properties: + allowRequestOnBehalfOfAnyoneByAnyone: + type: boolean + description: If anyone can request access for anyone. + example: true + allowRequestOnBehalfOfEmployeeByManager: + type: boolean + description: If a manager can request access for his/her direct reports. + example: true + approvalReminderAndEscalationConfig: + description: Approval Reminder and Escalation Configuration. + type: object + properties: + daysUntilEscalation: + type: integer + description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.' + format: int32 + example: 0 + daysBetweenReminders: + type: integer + description: Number of days to wait between reminder notifications. + format: int32 + example: 0 + maxReminders: + type: integer + description: Maximum number of reminder notification to send to the reviewer before approval escalation. + format: int32 + example: 0 + fallbackApproverRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlementRequestConfig: + description: Entitlement Request Configuration. + type: object + properties: + allowEntitlementRequest: + type: boolean + description: Flag for allowing entitlement request. + example: true + requestCommentsRequired: + type: boolean + description: Flag for requiring comments while submitting an entitlement request. + default: false + example: false + deniedCommentsRequired: + type: boolean + description: Flag for requiring comments while rejecting an entitlement request. + default: false + example: false + grantRequestApprovalSchemes: + type: string + description: | + Approval schemes for granting entitlement request. This can be empty if no approval is needed. + Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". + Multiple workgroups (governance groups) can be used. + default: sourceOwner + example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updateAccessRequestConfig + summary: Update Access Request Configuration + tags: + - Access Requests + description: |- + This endpoint replaces the current access-request configuration. + A token with ORG_ADMIN authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + approvalsMustBeExternal: + type: boolean + description: 'If true, then approvals must be processed by external system.' + example: true + autoApprovalEnabled: + type: boolean + description: 'If true and requester and reviewer are the same, then automatically approve the approval.' + example: true + requestOnBehalfOfConfig: + description: Request On Behalf Of Configuration. + type: object + properties: + allowRequestOnBehalfOfAnyoneByAnyone: + type: boolean + description: If anyone can request access for anyone. + example: true + allowRequestOnBehalfOfEmployeeByManager: + type: boolean + description: If a manager can request access for his/her direct reports. + example: true + approvalReminderAndEscalationConfig: + description: Approval Reminder and Escalation Configuration. + type: object + properties: + daysUntilEscalation: + type: integer + description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.' + format: int32 + example: 0 + daysBetweenReminders: + type: integer + description: Number of days to wait between reminder notifications. + format: int32 + example: 0 + maxReminders: + type: integer + description: Maximum number of reminder notification to send to the reviewer before approval escalation. + format: int32 + example: 0 + fallbackApproverRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlementRequestConfig: + description: Entitlement Request Configuration. + type: object + properties: + allowEntitlementRequest: + type: boolean + description: Flag for allowing entitlement request. + example: true + requestCommentsRequired: + type: boolean + description: Flag for requiring comments while submitting an entitlement request. + default: false + example: false + deniedCommentsRequired: + type: boolean + description: Flag for requiring comments while rejecting an entitlement request. + default: false + example: false + grantRequestApprovalSchemes: + type: string + description: | + Approval schemes for granting entitlement request. This can be empty if no approval is needed. + Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". + Multiple workgroups (governance groups) can be used. + default: sourceOwner + example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584' + responses: + '200': + description: Access Request Configuration Details. + content: + application/json: + schema: + type: object + properties: + approvalsMustBeExternal: + type: boolean + description: 'If true, then approvals must be processed by external system.' + example: true + autoApprovalEnabled: + type: boolean + description: 'If true and requester and reviewer are the same, then automatically approve the approval.' + example: true + requestOnBehalfOfConfig: + description: Request On Behalf Of Configuration. + type: object + properties: + allowRequestOnBehalfOfAnyoneByAnyone: + type: boolean + description: If anyone can request access for anyone. + example: true + allowRequestOnBehalfOfEmployeeByManager: + type: boolean + description: If a manager can request access for his/her direct reports. + example: true + approvalReminderAndEscalationConfig: + description: Approval Reminder and Escalation Configuration. + type: object + properties: + daysUntilEscalation: + type: integer + description: 'Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.' + format: int32 + example: 0 + daysBetweenReminders: + type: integer + description: Number of days to wait between reminder notifications. + format: int32 + example: 0 + maxReminders: + type: integer + description: Maximum number of reminder notification to send to the reviewer before approval escalation. + format: int32 + example: 0 + fallbackApproverRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlementRequestConfig: + description: Entitlement Request Configuration. + type: object + properties: + allowEntitlementRequest: + type: boolean + description: Flag for allowing entitlement request. + example: true + requestCommentsRequired: + type: boolean + description: Flag for requiring comments while submitting an entitlement request. + default: false + example: false + deniedCommentsRequired: + type: boolean + description: Flag for requiring comments while rejecting an entitlement request. + default: false + example: false + grantRequestApprovalSchemes: + type: string + description: | + Approval schemes for granting entitlement request. This can be empty if no approval is needed. + Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". + Multiple workgroups (governance groups) can be used. + default: sourceOwner + example: 'entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-status: + get: + operationId: listAccessRequestStatus + tags: + - Access Requests + summary: Access Request Status + description: |- + The Access Request Status API returns a list of access request statuses based on the specified query parameters. + Any token with any authority can request their own status. A token with ORG_ADMIN authority is required to call this API to get a list of statuses for other users. + parameters: + - in: query + name: requested-for + schema: + type: string + example: 2c9180877b2b6ea4017b2c545f971429 + description: Filter the results by the identity for which the requests were made. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + - in: query + name: requested-by + schema: + type: string + example: 2c9180877b2b6ea4017b2c545f971429 + description: Filter the results by the identity that made the requests. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + - in: query + name: regarding-identity + schema: + type: string + example: 2c9180877b2b6ea4017b2c545f971429 + description: Filter the results by the specified identity which is either the requester or target of the requests. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. + required: false + - in: query + name: count + description: If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + required: false + schema: + type: boolean + default: false + example: false + - in: query + name: limit + description: Max number of results to return. + required: false + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + example: 100 + - in: query + name: offset + description: Offset into the full result set. Usually specified with *limit* to paginate through the results. Defaults to 0 if not specified. + required: false + schema: + type: integer + format: int32 + minimum: 0 + example: 10 + - in: query + name: filters + schema: + type: string + example: accountActivityItemId eq "2c918086771c86df0177401efcdf54c0" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **accountActivityItemId**: *eq, in* + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified, accountActivityItemId** + example: created + required: false + responses: + '200': + description: List of requested item status. + content: + application/json: + schema: + type: array + items: + type: object + properties: + name: + type: string + description: Human-readable display name of the item being requested. + example: AccessProfile1 + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Type of requested object. + example: ACCESS_PROFILE + cancelledRequestDetails: + nullable: true + type: object + properties: + comment: + type: string + description: Comment made by the owner when cancelling the associated request. + example: Nisl quis ipsum quam quisque condimentum nunc ut dolor nunc. + owner: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + modified: + type: string + format: date-time + description: Date comment was added by the owner when cancelling the associated request + example: '2019-12-20T09:17:12.192Z' + description: Provides additional details for a request that has been cancelled. + errorMessages: + type: array + nullable: true + items: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + description: 'List of list of localized error messages, if any, encountered during the approval/provisioning process.' + state: + type: string + enum: + - EXECUTING + - REQUEST_COMPLETED + - CANCELLED + - TERMINATED + - PROVISIONING_VERIFICATION_PENDING + - REJECTED + - PROVISIONING_FAILED + - NOT_ALL_ITEMS_PROVISIONED + - ERROR + description: |- + Indicates the state of an access request: + * EXECUTING: The request is executing, which indicates the system is doing some processing. + * REQUEST_COMPLETED: Indicates the request has been completed. + * CANCELLED: The request was cancelled with no user input. + * TERMINATED: The request has been terminated before it was able to complete. + * PROVISIONING_VERIFICATION_PENDING: The request has finished any approval steps and provisioning is waiting to be verified. + * REJECTED: The request was rejected. + * PROVISIONING_FAILED: The request has failed to complete. + * NOT_ALL_ITEMS_PROVISIONED: One or more of the requested items failed to complete, but there were one or more successes. + * ERROR: An error occurred during request processing. + example: EXECUTING + approvalDetails: + type: array + items: + type: object + properties: + forwarded: + type: boolean + description: True if the request for this item was forwarded from one owner to another. + example: false + originalOwner: + description: 'Base identity/workgroup reference object representing the original owner, if forwarded.' + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + currentOwner: + description: Base reference of approver that will make decision. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + reviewedBy: + description: The identity who has reviewed the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + modified: + type: string + format: date-time + description: Time at which item was modified. + example: '2019-08-23T18:52:57.398Z' + status: + type: string + enum: + - PENDING + - APPROVED + - REJECTED + - EXPIRED + - CANCELLED + - ARCHIVED + description: |- + Indicates the state of the request processing for this item: + * PENDING: The request for this item is awaiting processing. + * APPROVED: The request for this item has been approved. + * REJECTED: The request for this item was rejected. + * EXPIRED: The request for this item expired with no action taken. + * CANCELLED: The request for this item was cancelled with no user action. + * ARCHIVED: The request for this item has been archived after completion. + example: PENDING + scheme: + type: string + enum: + - APP_OWNER + - SOURCE_OWNER + - MANAGER + - ROLE_OWNER + - ACCESS_PROFILE_OWNER + - ENTITLEMENT_OWNER + - GOVERNANCE_GROUP + description: Describes the individual or group that is responsible for an approval step. + example: MANAGER + errorMessages: + type: array + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + description: 'If the request failed, includes any error messages that were generated.' + comment: + type: string + description: 'Comment, if any, provided by the approver.' + example: I approve this request + removeDate: + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + description: Approval details for each item. + manualWorkItemDetails: + type: array + nullable: true + items: + type: object + properties: + forwarded: + type: boolean + description: True if the request for this item was forwarded from one owner to another. + example: true + originalOwner: + description: 'Base identity/workgroup reference object representing the original owner, if forwarded.' + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + currentOwner: + description: Base reference of approver that will make decision. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + modified: + type: string + format: date-time + description: Time at which item was modified. + example: '2019-08-23T18:52:57.398Z' + status: + type: string + enum: + - PENDING + - APPROVED + - REJECTED + - EXPIRED + - CANCELLED + - ARCHIVED + description: |- + Indicates the state of the request processing for this item: + * PENDING: The request for this item is awaiting processing. + * APPROVED: The request for this item has been approved. + * REJECTED: The request for this item was rejected. + * EXPIRED: The request for this item expired with no action taken. + * CANCELLED: The request for this item was cancelled with no user action. + * ARCHIVED: The request for this item has been archived after completion. + example: PENDING + forwardHistory: + type: array + items: + type: object + properties: + oldApproverName: + type: string + description: Display name of approver from whom the approval was forwarded. + example: Frank Mir + newApproverName: + type: string + description: Display name of approver to whom the approval was forwarded. + example: Al Volta + comment: + type: string + nullable: true + description: Comment made while forwarding. + example: Forwarding from Frank to Al + modified: + type: string + format: date-time + description: Time at which approval was forwarded. + example: '2019-08-23T18:52:57.398Z' + forwarderName: + type: string + nullable: true + description: Display name of forwarder who forwarded the approval. + example: William Wilson + reassignmentType: + description: Type of approval reassignment. + example: AUTOMATIC_REASSIGNMENT + type: string + enum: + - MANUAL_REASSIGNMENT + - AUTOMATIC_REASSIGNMENT + - AUTO_ESCALATION + - SELF_REVIEW_DELEGATION + description: The history of approval forward action. + description: Manual work items created for provisioning the item. + accountActivityItemId: + type: string + description: Id of associated account activity item. + example: 2c9180926cbfbddd016cbfc7c3b10010 + requestType: + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. + example: GRANT_ACCESS + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + requester: + description: The identity that requested the item. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedFor: + description: The identity for whom the Access Request Status is requested for. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requesterComment: + nullable: true + description: The requester's comment. + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + sodViolationContext: + nullable: true + description: The details of the SOD violations for the associated approval. + type: object + properties: + state: + type: string + enum: + - SUCCESS + - ERROR + description: The status of SOD violation check + example: SUCCESS + uuid: + description: The id of the Violation check event + type: string + example: f73d16e9-a038-46c5-b217-1246e15fdbdd + violationCheckResult: + description: The inner object representing the completed SOD Violation check + type: object + properties: + message: + description: 'If the request failed, includes any error message that was generated.' + example: + - locale: en-US + localeOrigin: DEFAULT + text: An error has occurred during the SOD violation check + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + clientMetadata: + type: object + additionalProperties: + type: string + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + violationContexts: + type: array + items: + description: The contextual information of the violated criteria + type: object + properties: + policy: + description: Reference to the Policy that is being violated. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + conflictingAccessCriteria: + type: object + description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + rightCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + violatedPolicies: + type: array + description: A list of the Policies that were violated + items: + description: Reference to the policy that was violated + example: + - type: SOD_POLICY + id: 69129440-422d-4a23-aadd-35c828d5bfda + name: HR Policy + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + provisioningDetails: + nullable: true + type: object + properties: + orderedSubPhaseReferences: + type: string + description: 'Ordered CSV of sub phase references to objects that contain more information about provisioning. For example, this can contain "manualWorkItemDetails" which indicate that there is further information in that object for this phase.' + example: manualWorkItemDetails + description: Provides additional details about provisioning for this request. + preApprovalTriggerDetails: + nullable: true + type: object + properties: + comment: + type: string + description: Comment left for the pre-approval decision + example: Access is Approved + reviewer: + type: string + description: The reviewer of the pre-approval decision + example: John Doe + decision: + type: string + enum: + - APPROVED + - REJECTED + description: The decision of the pre-approval trigger + example: APPROVED + description: Provides additional details about the pre-approval trigger for this request. + accessRequestPhases: + type: array + items: + type: object + properties: + started: + type: string + description: The time that this phase started. + format: date-time + example: '2020-07-11T00:00:00Z' + finished: + type: string + description: The time that this phase finished. + format: date-time + example: '2020-07-12T00:00:00Z' + name: + type: string + description: The name of this phase. + example: APPROVAL_PHASE + state: + type: string + enum: + - PENDING + - EXECUTING + - COMPLETED + - CANCELLED + description: The state of this phase. + example: COMPLETED + result: + type: string + enum: + - SUCCESSFUL + - FAILED + description: The state of this phase. + example: SUCCESSFUL + phaseReference: + type: string + description: 'A reference to another object on the RequestedItemStatus that contains more details about the phase. Note that for the Provisioning phase, this will be empty if there are no manual work items.' + example: approvalDetails + description: Provides additional details about this access request phase. + description: 'A list of Phases that the Access Request has gone through in order, to help determine the status of the request.' + description: + type: string + description: Description associated to the requested object. + example: This is the Engineering role that engineers are granted. + removeDate: + type: string + format: date-time + nullable: true + description: When the role access is scheduled for removal. + example: '2019-10-23T00:00:00.000Z' + cancelable: + type: boolean + description: True if the request can be canceled. + example: true + accessRequestId: + type: string + format: string + description: This is the account activity id. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + example: + key1: value1 + key2: value2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-approvals/pending: + get: + operationId: listPendingApprovals + summary: Pending Access Request Approvals List + tags: + - Access Request Approvals + description: This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info. + parameters: + - in: query + name: owner-id + schema: + type: string + description: |- + If present, the value returns only pending approvals for the specified identity. + * ORG_ADMIN users can call this with any identity ID value. + * ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used. + * Non-ORG_ADMIN users can only specify *me* or pass their own identity ID value. + example: 2c91808568c529c60168cca6f90c1313 + required: false + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **requestedFor.id**: *eq, in* + + **modified**: *gt, lt, ge, le* + example: id eq "2c91808568c529c60168cca6f90c1313" + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified** + example: modified + responses: + '200': + description: List of Pending Approvals. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The approval id. + example: id12345 + name: + type: string + description: The name of the approval. + example: aName + created: + type: string + format: date-time + description: When the approval was created. + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: When the approval was modified last time. + example: '2018-07-25T20:22:28.104Z' + requestCreated: + type: string + format: date-time + description: When the access-request was created. + example: '2017-07-11T18:45:35.098Z' + requestType: + description: If the access-request was for granting or revoking access. + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + example: GRANT_ACCESS + requester: + description: The identity that requested the item. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedFor: + description: The identity for whom the item is requested for. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + owner: + description: The owner or approver of the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedObject: + description: The requested access item. + type: object + properties: + id: + type: string + description: Id of the object. + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the object. + example: Applied Research Access + description: + type: string + description: Description of the object. + example: 'Access to research information, lab results, and schematics' + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Type of the object. + example: ROLE + requesterComment: + description: The requester's comment. + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + previousReviewersComments: + type: array + items: + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + description: The history of the previous reviewers comments. + forwardHistory: + type: array + items: + type: object + properties: + oldApproverName: + type: string + description: Display name of approver from whom the approval was forwarded. + example: Frank Mir + newApproverName: + type: string + description: Display name of approver to whom the approval was forwarded. + example: Al Volta + comment: + type: string + nullable: true + description: Comment made while forwarding. + example: Forwarding from Frank to Al + modified: + type: string + format: date-time + description: Time at which approval was forwarded. + example: '2019-08-23T18:52:57.398Z' + forwarderName: + type: string + nullable: true + description: Display name of forwarder who forwarded the approval. + example: William Wilson + reassignmentType: + description: Type of approval reassignment. + example: AUTOMATIC_REASSIGNMENT + type: string + enum: + - MANUAL_REASSIGNMENT + - AUTOMATIC_REASSIGNMENT + - AUTO_ESCALATION + - SELF_REVIEW_DELEGATION + description: The history of approval forward action. + commentRequiredWhenRejected: + type: boolean + description: When true the rejector has to provide comments when rejecting + example: true + actionInProcess: + description: 'Action that is performed on this approval, and system has not finished performing that action yet.' + type: string + enum: + - APPROVED + - REJECTED + - FORWARDED + example: APPROVED + removeDate: + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + removeDateUpdateRequested: + type: boolean + description: 'If true, then the request is to change the remove date or sunset date.' + example: true + currentRemoveDate: + type: string + description: The remove date or sunset date that was assigned at the time of the request. + format: date-time + example: '2020-07-11T00:00:00Z' + sodViolationContext: + description: The details of the SOD violations for the associated approval. + type: object + properties: + state: + type: string + enum: + - SUCCESS + - ERROR + description: The status of SOD violation check + example: SUCCESS + uuid: + description: The id of the Violation check event + type: string + example: f73d16e9-a038-46c5-b217-1246e15fdbdd + violationCheckResult: + description: The inner object representing the completed SOD Violation check + type: object + properties: + message: + description: 'If the request failed, includes any error message that was generated.' + example: + - locale: en-US + localeOrigin: DEFAULT + text: An error has occurred during the SOD violation check + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + clientMetadata: + type: object + additionalProperties: + type: string + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + violationContexts: + type: array + items: + description: The contextual information of the violated criteria + type: object + properties: + policy: + description: Reference to the Policy that is being violated. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + conflictingAccessCriteria: + type: object + description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + rightCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + violatedPolicies: + type: array + description: A list of the Policies that were violated + items: + description: Reference to the policy that was violated + example: + - type: SOD_POLICY + id: 69129440-422d-4a23-aadd-35c828d5bfda + name: HR Policy + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-approvals/completed: + get: + operationId: listCompletedApprovals + summary: Completed Access Request Approvals List + tags: + - Access Request Approvals + description: This endpoint returns list of completed approvals. See *owner-id* query parameter below for authorization info. + parameters: + - in: query + name: owner-id + required: false + schema: + type: string + description: |- + If present, the value returns only completed approvals for the specified identity. + * ORG_ADMIN users can call this with any identity ID value. + * ORG_ADMIN users can also fetch all the approvals in the org, when + owner-id is not used. + * Non-ORG_ADMIN users can only specify *me* or pass their own + identity ID value. + example: 2c91808568c529c60168cca6f90c1313 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **requestedFor.id**: *eq, in* + + **modified**: *gt, lt, ge, le* + example: id eq "2c91808568c529c60168cca6f90c1313" + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified** + example: modified + responses: + '200': + description: List of Completed Approvals. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The approval id. + example: id12345 + name: + type: string + description: The name of the approval. + example: aName + created: + type: string + format: date-time + description: When the approval was created. + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: When the approval was modified last time. + example: '2018-07-25T20:22:28.104Z' + requestCreated: + type: string + format: date-time + description: When the access-request was created. + example: '2017-07-11T18:45:35.098Z' + requestType: + description: If the access-request was for granting or revoking access. + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + example: GRANT_ACCESS + requester: + description: The identity that requested the item. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedFor: + description: The identity for whom the item is requested for. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + reviewedBy: + description: The identity who has reviewed the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + owner: + description: The owner or approver of the approval. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + requestedObject: + description: The requested access item. + type: object + properties: + id: + type: string + description: Id of the object. + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the object. + example: Applied Research Access + description: + type: string + description: Description of the object. + example: 'Access to research information, lab results, and schematics' + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Type of the object. + example: ROLE + requesterComment: + description: The requester's comment. + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + reviewerComment: + allOf: + - type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + description: The approval's reviewer's comment. + nullable: true + previousReviewersComments: + type: array + items: + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + description: The history of the previous reviewers comments. + forwardHistory: + type: array + items: + type: object + properties: + oldApproverName: + type: string + description: Display name of approver from whom the approval was forwarded. + example: Frank Mir + newApproverName: + type: string + description: Display name of approver to whom the approval was forwarded. + example: Al Volta + comment: + type: string + nullable: true + description: Comment made while forwarding. + example: Forwarding from Frank to Al + modified: + type: string + format: date-time + description: Time at which approval was forwarded. + example: '2019-08-23T18:52:57.398Z' + forwarderName: + type: string + nullable: true + description: Display name of forwarder who forwarded the approval. + example: William Wilson + reassignmentType: + description: Type of approval reassignment. + example: AUTOMATIC_REASSIGNMENT + type: string + enum: + - MANUAL_REASSIGNMENT + - AUTOMATIC_REASSIGNMENT + - AUTO_ESCALATION + - SELF_REVIEW_DELEGATION + description: The history of approval forward action. + commentRequiredWhenRejected: + type: boolean + description: When true the rejector has to provide comments when rejecting + example: true + state: + description: The final state of the approval + type: string + enum: + - APPROVED + - REJECTED + example: APPROVED + removeDate: + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + nullable: true + removeDateUpdateRequested: + type: boolean + description: 'If true, then the request was to change the remove date or sunset date.' + example: true + currentRemoveDate: + type: string + description: The remove date or sunset date that was assigned at the time of the request. + format: date-time + example: '2020-07-11T00:00:00Z' + nullable: true + sodViolationContext: + description: The details of the SOD violations for the associated approval. + type: object + properties: + state: + type: string + enum: + - SUCCESS + - ERROR + description: The status of SOD violation check + example: SUCCESS + uuid: + description: The id of the Violation check event + type: string + example: f73d16e9-a038-46c5-b217-1246e15fdbdd + violationCheckResult: + description: The inner object representing the completed SOD Violation check + type: object + properties: + message: + description: 'If the request failed, includes any error message that was generated.' + example: + - locale: en-US + localeOrigin: DEFAULT + text: An error has occurred during the SOD violation check + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + clientMetadata: + type: object + additionalProperties: + type: string + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check. + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + violationContexts: + type: array + items: + description: The contextual information of the violated criteria + type: object + properties: + policy: + description: Reference to the Policy that is being violated. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + conflictingAccessCriteria: + type: object + description: The object which contains the left and right hand side of the entitlements that got violated according to the policy. + properties: + leftCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + rightCriteria: + type: object + properties: + criteriaList: + type: array + items: + description: Details of the Entitlement criteria + type: object + properties: + existing: + type: boolean + example: true + description: If the entitlement already belonged to the user or not. + type: + example: ENTITLEMENT + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Entitlement ID + example: 2c918085771e9d3301773b3cb66f6398 + name: + type: string + description: Entitlement name + example: My HR Entitlement + violatedPolicies: + type: array + description: A list of the Policies that were violated + items: + description: Reference to the policy that was violated + example: + - type: SOD_POLICY + id: 69129440-422d-4a23-aadd-35c828d5bfda + name: HR Policy + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/access-request-approvals/{approvalId}/approve': + post: + operationId: approveAccessRequest + summary: Approves an access request approval. + tags: + - Access Request Approvals + description: This endpoint approves an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. + parameters: + - in: path + name: approvalId + schema: + type: string + required: true + description: The id of the approval. + example: 2c91808b7294bea301729568c68c002e + requestBody: + description: Reviewer's comment. + required: false + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/access-request-approvals/{approvalId}/reject': + post: + operationId: rejectAccessRequest + summary: Rejects an access request approval. + tags: + - Access Request Approvals + description: This endpoint rejects an access request approval. Only the owner of the approval and admin users are allowed to perform this action. + parameters: + - in: path + name: approvalId + schema: + type: string + required: true + description: The id of the approval. + example: 2c91808b7294bea301729568c68c002e + requestBody: + description: Reviewer's comment. + required: false + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat + author: + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + type: string + description: ID of the author + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + created: + type: string + format: date-time + description: Date and time comment was created + example: '2017-07-11T18:45:37.098Z' + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/access-request-approvals/{approvalId}/forward': + post: + operationId: forwardAccessRequest + summary: Forwards an access request approval. + tags: + - Access Request Approvals + description: This endpoint forwards an access request approval to a new owner. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action. + parameters: + - in: path + name: approvalId + schema: + type: string + required: true + description: The id of the approval. + example: 2c91808b7294bea301729568c68c002e + requestBody: + description: Information about the forwarded approval. + required: true + content: + application/json: + schema: + type: object + required: + - newOwnerId + - comment + properties: + newOwnerId: + type: string + description: The Id of the new owner + example: 2c91808568c529c60168cca6f90c1314 + minLength: 1 + maxLength: 255 + comment: + type: string + description: The comment provided by the forwarder + example: 2c91808568c529c60168cca6f90c1313 + minLength: 1 + maxLength: 255 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /access-request-approvals/approval-summary: + get: + operationId: getAccessRequestApprovalSummary + summary: Get the number of access-requests-approvals + tags: + - Access Request Approvals + description: 'This endpoint returns the number of pending, approved and rejected access requests approvals. See "owner-id" query parameter below for authorization info.' + parameters: + - in: query + name: owner-id + schema: + type: string + description: |- + The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity. + * ORG_ADMIN users can call this with any identity ID value. + * ORG_ADMIN user can also fetch all the approvals in the org, when + owner-id is not used. + * Non ORG_ADMIN users can only specify *me* or pass their own + identity ID value. + example: 2c91808568c529c60168cca6f90c1313 + required: false + - in: query + name: from-date + schema: + type: string + description: From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format + example: 'from-date=2020-03-19T19:59:11Z' + required: false + responses: + '200': + description: 'Number of pending, approved, rejected access request approvals.' + content: + application/json: + schema: + type: object + properties: + pending: + type: integer + description: The number of pending access requests approvals. + format: int32 + example: 0 + approved: + type: integer + description: The number of approved access requests approvals. + format: int32 + example: 0 + rejected: + type: integer + description: The number of rejected access requests approvals. + format: int32 + example: 0 + '400': + description: Client Error - Returned if the query parameter is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /accounts: + get: + operationId: listAccounts + tags: + - Accounts + summary: Accounts List + description: |- + This returns a list of accounts. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:read' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + example: identityId eq "2c9180858082150f0180893dbaf44201" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **identityId**: *eq* + + **name**: *eq, in* + + **nativeIdentity**: *eq, in* + + **sourceId**: *eq, in* + + **uncorrelated**: *eq* + required: false + responses: + '200': + description: List of account objects + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + properties: + sourceId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + identityId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + attributes: + type: object + additionalProperties: true + example: + firstName: SailPoint + lastName: Support + displayName: SailPoint Support + authoritative: + type: boolean + description: Indicates if this account is from an authoritative source + example: false + description: + type: string + description: A description of the account + nullable: true + example: null + disabled: + type: boolean + description: Indicates if the account is currently disabled + example: false + locked: + type: boolean + description: Indicates if the account is currently locked + example: false + nativeIdentity: + type: string + example: '552775' + systemAccount: + type: boolean + example: false + uncorrelated: + type: boolean + description: Indicates if this account is not correlated to an identity + example: false + uuid: + type: string + description: The unique ID of the account as determined by the account schema + example: slpt.support + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + hasEntitlements: + type: boolean + description: Indicates if the account has entitlements + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createAccount + tags: + - Accounts + summary: Create Account + description: |- + This API submits an account creation task and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:manage' + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - attributes + properties: + attributes: + description: The schema attribute values for the account + type: object + required: + - sourceId + properties: + sourceId: + type: string + description: Target source to create an account + example: 34bfcbe116c9407464af37acbaf7a4dc + additionalProperties: + type: string + example: + sourceId: 34bfcbe116c9407464af37acbaf7a4dc + city: Austin + displayName: John Doe + userName: jdoe + sAMAccountName: jDoe + mail: john.doe@sailpoint.com + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}': + get: + operationId: getAccount + tags: + - Accounts + summary: Account Details + description: |- + This API returns the details for a single account based on the ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:read' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An account object + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + properties: + sourceId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + identityId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + attributes: + type: object + additionalProperties: true + example: + firstName: SailPoint + lastName: Support + displayName: SailPoint Support + authoritative: + type: boolean + description: Indicates if this account is from an authoritative source + example: false + description: + type: string + description: A description of the account + nullable: true + example: null + disabled: + type: boolean + description: Indicates if the account is currently disabled + example: false + locked: + type: boolean + description: Indicates if the account is currently locked + example: false + nativeIdentity: + type: string + example: '552775' + systemAccount: + type: boolean + example: false + uncorrelated: + type: boolean + description: Indicates if this account is not correlated to an identity + example: false + uuid: + type: string + description: The unique ID of the account as determined by the account schema + example: slpt.support + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + hasEntitlements: + type: boolean + description: Indicates if the account has entitlements + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateAccount + tags: + - Accounts + summary: Update Account + description: |- + Use this API to modify the following fields: + * `identityId` + + * `manuallyCorrelated` + + >**NOTE: All other fields can not be modified.** + + The request must provide a JSONPatch payload. + + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /identityId + value: 2c9180845d1edece015d27a975983e21 + responses: + '202': + description: Accepted. Update request accepted and is in progress. + content: + application/json: + schema: + type: object + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putAccount + tags: + - Accounts + summary: Update Account + description: |- + This API submits an account update task and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + >**NOTE: The PUT Account API is designated only for Delimited File sources.** + security: + - oauth2: + - 'idn:accounts:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - attributes + properties: + attributes: + description: The schema attribute values for the account + type: object + additionalProperties: true + example: + city: Austin + displayName: John Doe + userName: jdoe + sAMAccountName: jDoe + mail: john.doe@sailpoint.com + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteAccount + tags: + - Accounts + summary: Delete Account + description: |- + This API submits an account delete task and returns the task ID. This operation can only be used on Flat File Sources. Any attempt to execute this request on the source of other type will result in an error response with a status code of 400. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account ID + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/entitlements': + get: + operationId: getAccountEntitlements + tags: + - Accounts + summary: Account Entitlements + description: |- + This API returns entitlements of the account. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts:read' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An array of account entitlements + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Entitlement object that represents entitlement + properties: + attribute: + description: Name of the entitlement attribute + type: string + example: authorizationType + value: + description: Raw value of the entitlement + type: string + example: 'CN=Users,dc=sailpoint,dc=com' + description: + description: Entitlment description + type: string + example: Active Directory DC + attributes: + description: Entitlement attributes + type: object + additionalProperties: true + example: + GroupType: Security + sAMAccountName: Buyer + sourceSchemaObjectType: + description: Schema objectType on the given application that maps to an Account Group + type: string + example: group + privileged: + description: Determines if this Entitlement is privileged. + type: boolean + example: false + cloudGoverned: + description: Determines if this Entitlement is goverened in the cloud. + type: boolean + example: false + source: + description: Reference to the source this entitlment belongs to. + example: + - type: SOURCE + id: 2c9180835d191a86015d28455b4b232a + name: HR Active Directory + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/reload': + post: + operationId: reloadAccount + tags: + - Accounts + summary: Reload Account + description: |- + This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/enable': + post: + operationId: enableAccount + tags: + - Accounts + summary: Enable Account + description: |- + This API submits a task to enable account and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + description: Request used for account enable/disable + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.' + type: boolean + example: false + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/disable': + post: + operationId: disableAccount + tags: + - Accounts + summary: Disable Account + description: |- + This API submits a task to disable the account and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + description: Request used for account enable/disable + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.' + type: boolean + example: false + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/accounts/{id}/unlock': + post: + operationId: unlockAccount + tags: + - Accounts + summary: Unlock Account + description: |- + This API submits a task to unlock an account and returns the task ID. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:accounts-state:manage' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + description: Request used for account unlock + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + unlockIDNAccount: + description: 'If set, the IDN account is unlocked after the workflow completes.' + type: boolean + example: false + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.' + type: boolean + example: false + responses: + '202': + description: Async task details + content: + application/json: + schema: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /account-activities: + get: + operationId: listAccountActivities + tags: + - Account Activities + summary: List Account Activities + description: This gets a collection of account activities that satisfy the given query parameters. + parameters: + - in: query + name: requested-for + schema: + type: string + description: The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + example: 2c91808568c529c60168cca6f90c1313 + - in: query + name: requested-by + schema: + type: string + description: The identity that requested the activity. *me* indicates the current user. Mutually exclusive with *regarding-identity*. + required: false + example: 2c91808568c529c60168cca6f90c1313 + - in: query + name: regarding-identity + schema: + type: string + description: The specified identity will be either the requester or target of the account activity. *me* indicates the current user. Mutually exclusive with *requested-for* and *requested-by*. + required: false + example: 2c91808568c529c60168cca6f90c1313 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results). + + Filtering is supported for the following fields and operators: + + **type**: *eq, in* (See the `type` property in the response schema for possible values) + + **created**: *gt, lt, ge, le* + + **modified**: *gt, lt, ge, le* + example: type eq "Identity Refresh" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + Sorting is supported for the following fields: **type, created, modified** + example: created + required: false + responses: + '200': + description: List of account activities + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Id of the account activity + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: The name of the activity + example: 2c9180835d2e5168015d32f890ca1581 + created: + description: When the activity was first created + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + description: When the activity was last modified + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + nullable: true + completed: + description: When the activity was completed + type: string + format: date-time + nullable: true + example: '2018-10-19T13:49:37.385Z' + completionStatus: + nullable: true + type: string + description: The status after completion. + enum: + - SUCCESS + - FAILURE + - INCOMPLETE + - PENDING + example: SUCCESS + type: + nullable: true + type: string + example: appRequest + description: | + The type of action the activity performed. Please see the following list of types. This list may grow over time. + + - CloudAutomated + - IdentityAttributeUpdate + - appRequest + - LifecycleStateChange + - AccountStateUpdate + - AccountAttributeUpdate + - CloudPasswordRequest + - Attribute Synchronization Refresh + - Certification + - Identity Refresh + - Lifecycle Change Refresh + + + [Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data). + requesterIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + targetIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + errors: + nullable: true + description: 'A list of error messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.' + warnings: + nullable: true + description: 'A list of warning messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'Some warning, another warning' + items: + type: array + description: Individual actions performed as part of this account activity + items: + type: object + properties: + id: + type: string + description: Item id + example: 48c545831b264409a81befcabb0e3c5a + name: + type: string + description: Human-readable display name of item + example: 48c545831b264409a81befcabb0e3c5a + requested: + type: string + format: date-time + description: Date and time item was requested + example: '2017-07-11T18:45:37.098Z' + approvalStatus: + nullable: true + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + provisioningStatus: + type: string + enum: + - PENDING + - FINISHED + - UNVERIFIABLE + - COMMITED + - FAILED + - RETRY + description: Provisioning state of an account activity item + example: PENDING + requesterComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + reviewerIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + reviewerComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + operation: + nullable: true + type: string + enum: + - ADD + - CREATE + - MODIFY + - DELETE + - DISABLE + - ENABLE + - UNLOCK + - LOCK + - REMOVE + description: Represents an operation in an account activity item + example: ADD + attribute: + type: string + description: Attribute to which account activity applies + nullable: true + example: detectedRoles + value: + type: string + description: Value of attribute + nullable: true + example: 'Treasury Analyst [AccessProfile-1529010191212]' + nativeIdentity: + nullable: true + type: string + description: Native identity in the target system to which the account activity applies + example: Sandie.Camero + sourceId: + type: string + description: Id of Source to which account activity applies + example: 2c91808363ef85290164000587130c0c + accountRequestInfo: + type: object + nullable: true + properties: + requestedObjectId: + type: string + description: Id of requested object + example: 2c91808563ef85690164001c31140c0c + requestedObjectName: + type: string + description: Human-readable name of requested object + example: Treasury Analyst + requestedObjectType: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + description: 'If an account activity item is associated with an access request, captures details of that request.' + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item' + example: + customKey1: custom value 1 + customKey2: custom value 2 + removeDate: + nullable: true + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + executionStatus: + type: string + description: The current state of execution. + enum: + - EXECUTING + - VERIFYING + - TERMINATED + - COMPLETED + example: COMPLETED + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + example: + customKey1: custom value 1 + customKey2: custom value 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/account-activities/{id}': + get: + operationId: getAccountActivity + tags: + - Account Activities + summary: Get an Account Activity + description: This gets a single account activity by its id. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The account activity id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An account activity object + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: Id of the account activity + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: The name of the activity + example: 2c9180835d2e5168015d32f890ca1581 + created: + description: When the activity was first created + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + description: When the activity was last modified + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + nullable: true + completed: + description: When the activity was completed + type: string + format: date-time + nullable: true + example: '2018-10-19T13:49:37.385Z' + completionStatus: + nullable: true + type: string + description: The status after completion. + enum: + - SUCCESS + - FAILURE + - INCOMPLETE + - PENDING + example: SUCCESS + type: + nullable: true + type: string + example: appRequest + description: | + The type of action the activity performed. Please see the following list of types. This list may grow over time. + + - CloudAutomated + - IdentityAttributeUpdate + - appRequest + - LifecycleStateChange + - AccountStateUpdate + - AccountAttributeUpdate + - CloudPasswordRequest + - Attribute Synchronization Refresh + - Certification + - Identity Refresh + - Lifecycle Change Refresh + + + [Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data). + requesterIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + targetIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + errors: + nullable: true + description: 'A list of error messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.' + warnings: + nullable: true + description: 'A list of warning messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'Some warning, another warning' + items: + type: array + description: Individual actions performed as part of this account activity + items: + type: object + properties: + id: + type: string + description: Item id + example: 48c545831b264409a81befcabb0e3c5a + name: + type: string + description: Human-readable display name of item + example: 48c545831b264409a81befcabb0e3c5a + requested: + type: string + format: date-time + description: Date and time item was requested + example: '2017-07-11T18:45:37.098Z' + approvalStatus: + nullable: true + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + provisioningStatus: + type: string + enum: + - PENDING + - FINISHED + - UNVERIFIABLE + - COMMITED + - FAILED + - RETRY + description: Provisioning state of an account activity item + example: PENDING + requesterComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + reviewerIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + reviewerComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + operation: + nullable: true + type: string + enum: + - ADD + - CREATE + - MODIFY + - DELETE + - DISABLE + - ENABLE + - UNLOCK + - LOCK + - REMOVE + description: Represents an operation in an account activity item + example: ADD + attribute: + type: string + description: Attribute to which account activity applies + nullable: true + example: detectedRoles + value: + type: string + description: Value of attribute + nullable: true + example: 'Treasury Analyst [AccessProfile-1529010191212]' + nativeIdentity: + nullable: true + type: string + description: Native identity in the target system to which the account activity applies + example: Sandie.Camero + sourceId: + type: string + description: Id of Source to which account activity applies + example: 2c91808363ef85290164000587130c0c + accountRequestInfo: + type: object + nullable: true + properties: + requestedObjectId: + type: string + description: Id of requested object + example: 2c91808563ef85690164001c31140c0c + requestedObjectName: + type: string + description: Human-readable name of requested object + example: Treasury Analyst + requestedObjectType: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + description: 'If an account activity item is associated with an access request, captures details of that request.' + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item' + example: + customKey1: custom value 1 + customKey2: custom value 2 + removeDate: + nullable: true + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + executionStatus: + type: string + description: The current state of execution. + enum: + - EXECUTING + - VERIFYING + - TERMINATED + - COMPLETED + example: COMPLETED + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + example: + customKey1: custom value 1 + customKey2: custom value 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /certifications: + get: + operationId: listIdentityCertifications + tags: + - Certifications + summary: Identity Campaign Certifications by IDs + description: 'This API returns a list of identity campaign certifications that satisfy the given query parameters. Any authenticated token can call this API, but only certifications you are authorized to review will be returned. This API does not support requests for certifications assigned to Governance Groups.' + parameters: + - in: query + name: reviewer-identity + schema: + type: string + example: me + description: The ID of reviewer identity. *me* indicates the current user. + required: false + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + example: id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + Filtering is supported for the following fields and operators: + **id**: *eq, in* + **campaign.id**: *eq, in* + **phase**: *eq* + **completed**: *eq, ne* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'name,due' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + Sorting is supported for the following fields: **name, due, signed** + responses: + '200': + description: List of identity campaign certifications + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}': + get: + operationId: getIdentityCertification + tags: + - Certifications + summary: Identity Certification by ID + description: This API returns a single identity campaign certification by its ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The certification id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An identity campaign certification object + content: + application/json: + schema: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/access-review-items': + get: + operationId: listIdentityAccessReviewItems + tags: + - Certifications + summary: List of Access Review Items + description: This API returns a list of access review items for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + required: false + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **type / access.type**: *eq* + + **completed**: *eq, ne* + + **identitySummary.id**: *eq, in* + + **identitySummary.name**: *eq, sw* + + **access.id**: *eq, in* + + **access.name**: *eq, sw* + + **entitlement.sourceName**: *eq, sw* + + **accessProfile.sourceName**: *eq, sw* + example: id eq "ef38f94347e94562b5bb8424a56397d8" + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'access.name,-accessProfile.sourceName' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName** + - in: query + name: entitlements + required: false + schema: + type: string + example: identityEntitlement + description: |- + Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs. + + An error will occur if this param is used with **access-profiles** or **roles** as only one of these query params can be used at a time. + - in: query + name: access-profiles + required: false + schema: + type: string + example: accessProfile1 + description: |- + Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs. + + An error will occur if this param is used with **entitlements** or **roles** as only one of these query params can be used at a time. + - in: query + name: roles + required: false + schema: + type: string + example: userRole + description: |- + Filter results to view access review items that pertain to any of the specified comma-separated role IDs. + + An error will occur if this param is used with **entitlements** or **access-profiles** as only one of these query params can be used at a time. + responses: + '200': + description: A list of access review items + content: + application/json: + schema: + type: array + items: + type: object + properties: + accessSummary: + type: object + description: An object holding the access that is being reviewed + properties: + access: + type: object + properties: + type: + description: The type of item being certified + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: The ID of the item being certified + example: 2c9180867160846801719932c5153fb7 + name: + type: string + description: The name of the item being certified + example: Entitlement for Company Database + entitlement: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + accessProfile: + type: object + properties: + id: + type: string + description: The id of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + endDate: + nullable: true + type: string + format: date-time + description: The date at which a user's access expires + example: '2021-12-25T00:00:00.000Z' + owner: + description: Owner of the Access Profile + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlements: + type: array + description: A list of entitlements associated with this Access Profile + items: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + created: + type: string + description: Date the Access Profile was created. + format: date-time + example: '2021-01-01T22:32:58.104Z' + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-02-01T22:32:58.104Z' + role: + type: object + nullable: true + properties: + id: + type: string + description: The id for the Role + example: 2c91808a7190d06e0171993907fd0794 + name: + type: string + description: The name of the Role + example: Accounting-Employees + description: + type: string + description: Information about the Role + example: Role for members of the accounting department with the necessary Access Profiles + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + revocable: + type: boolean + description: Indicates whether the Role can be revoked or requested + example: false + endDate: + type: string + format: date-time + description: The date when a user's access expires. + example: '2021-12-25T00:00:00.000Z' + accessProfiles: + type: array + description: The list of Access Profiles associated with this Role + items: + type: object + properties: + id: + type: string + description: The id of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + endDate: + nullable: true + type: string + format: date-time + description: The date at which a user's access expires + example: '2021-12-25T00:00:00.000Z' + owner: + description: Owner of the Access Profile + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlements: + type: array + description: A list of entitlements associated with this Access Profile + items: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + created: + type: string + description: Date the Access Profile was created. + format: date-time + example: '2021-01-01T22:32:58.104Z' + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-02-01T22:32:58.104Z' + identitySummary: + type: object + properties: + id: + type: string + description: The ID of the identity summary + example: 2c91808772a504f50172a9540e501ba7 + name: + type: string + description: Name of the linked identity + example: Alison Ferguso + identityId: + type: string + description: The ID of the identity being certified + example: 2c9180857182306001719937377a33de + completed: + type: boolean + description: Indicates whether the review items for the linked identity's certification have been completed + example: true + id: + type: string + description: The review item's id + example: ef38f94347e94562b5bb8424a56397d8 + completed: + type: boolean + description: Whether the review item is complete + example: false + newAccess: + type: boolean + description: Indicates whether the review item is for new access to a source + example: false + decision: + type: string + description: The decision to approve or revoke the review item + enum: + - APPROVE + - REVOKE + example: APPROVE + comments: + nullable: true + type: string + description: Comments for this review item + example: This user still needs access to this source + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/decide': + post: + operationId: makeIdentityDecision + tags: + - Certifications + summary: Decide on a Certification Item + description: The API makes a decision to approve or revoke one or more identity campaign certification items. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the identity campaign certification on which to make decisions + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: A non-empty array of decisions to be made. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The id of the review decision + example: ef38f94347e94562b5bb8424a56397d8 + decision: + type: string + description: The decision to approve or revoke the review item + enum: + - APPROVE + - REVOKE + example: APPROVE + proposedEndDate: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: The date at which a user's access should be taken away. Should only be set for `REVOKE` decisions. + bulk: + type: boolean + description: Indicates whether decision should be marked as part of a larger bulk decision + example: true + recommendation: + nullable: true + type: object + properties: + recommendation: + type: string + description: The recommendation from IAI at the time of the decision. This field will be null if no recommendation was made. + example: null + nullable: true + reasons: + type: array + items: + type: string + description: A list of reasons for the recommendation. + example: + - Reason 1 + - Reason 2 + timestamp: + type: string + format: date-time + description: The time at which the recommendation was recorded. + example: '2020-06-01T13:49:37.385Z' + comments: + type: string + description: Comments recorded when the decision was made + example: This user no longer needs access to this source + required: + - id + - decision + - bulk + minItems: 1 + maxItems: 250 + example: + - id: ef38f94347e94562b5bb8424a56396b5 + decision: APPROVE + bulk: true + comments: This user still needs access to this source. + - id: ef38f94347e94562b5bb8424a56397d8 + decision: APPROVE + bulk: true + comments: This user still needs access to this source too. + responses: + '200': + description: An identity campaign certification object + content: + application/json: + schema: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/reassign': + post: + operationId: reassignIdentityCertifications + tags: + - Certifications + summary: Reassign Identities or Items + description: This API reassigns up to 50 identities or items in an identity campaign certification to another reviewer. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + reassign: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of item or identity being reassigned. + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + description: The type of item or identity being reassigned. + enum: + - TARGET_SUMMARY + - ITEM + - IDENTITY_SUMMARY + example: ITEM + required: + - id + - type + reassignTo: + type: string + description: The ID of the identity to which the certification is reassigned + example: ef38f94347e94562b5bb8424a56397d8 + reason: + type: string + description: The reason comment for why the reassign was made + example: reassigned for some reason + required: + - reassign + - reassignTo + - reason + responses: + '200': + description: An identity campaign certification details after completing the reassignment. + content: + application/json: + schema: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/sign-off': + post: + operationId: signOffIdentityCertification + tags: + - Certifications + summary: Finalize Identity Certification Decisions + description: This API finalizes all decisions made on an identity campaign certification and initiates any remediations required. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: An identity campaign certification object + content: + application/json: + schema: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/decision-summary': + get: + operationId: getIdentityDecisionSummary + tags: + - Certification Summaries + summary: Summary of Certification Decisions + description: This API returns a summary of the decisions made on an identity campaign certification. The decisions are summarized by type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: filters + required: false + schema: + type: string + example: identitySummary.id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **identitySummary.id**: *eq, in* + responses: + '200': + description: Summary of the decisions made + content: + application/json: + schema: + type: object + properties: + entitlementDecisionsMade: + type: integer + description: Number of entitlement decisions that have been made + example: 3 + format: int32 + accessProfileDecisionsMade: + type: integer + description: Number of access profile decisions that have been made + example: 5 + format: int32 + roleDecisionsMade: + type: integer + description: Number of role decisions that have been made + example: 2 + format: int32 + accountDecisionsMade: + type: integer + description: Number of account decisions that have been made + example: 4 + format: int32 + entitlementDecisionsTotal: + type: integer + description: 'The total number of entitlement decisions on the certification, both complete and incomplete' + example: 6 + format: int32 + accessProfileDecisionsTotal: + type: integer + description: 'The total number of access profile decisions on the certification, both complete and incomplete' + example: 10 + format: int32 + roleDecisionsTotal: + type: integer + description: 'The total number of role decisions on the certification, both complete and incomplete' + example: 4 + format: int32 + accountDecisionsTotal: + type: integer + description: 'The total number of account decisions on the certification, both complete and incomplete' + example: 8 + format: int32 + entitlementsApproved: + type: integer + description: The number of entitlement decisions that have been made which were approved + example: 2 + format: int32 + entitlementsRevoked: + type: integer + description: The number of entitlement decisions that have been made which were revoked + example: 1 + format: int32 + accessProfilesApproved: + type: integer + description: The number of access profile decisions that have been made which were approved + example: 3 + format: int32 + accessProfilesRevoked: + type: integer + description: The number of access profile decisions that have been made which were revoked + example: 2 + format: int32 + rolesApproved: + type: integer + description: The number of role decisions that have been made which were approved + example: 2 + format: int32 + rolesRevoked: + type: integer + description: The number of role decisions that have been made which were revoked + example: 0 + format: int32 + accountsApproved: + type: integer + description: The number of account decisions that have been made which were approved + example: 1 + format: int32 + accountsRevoked: + type: integer + description: The number of account decisions that have been made which were revoked + example: 3 + format: int32 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/identity-summaries': + get: + operationId: getIdentitySummaries + tags: + - Certification Summaries + summary: Identity Summaries for Campaign Certification + description: This API returns a list of the identity summaries for a specific identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + example: id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **completed**: *eq, ne* + + **name**: *eq, sw* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: name + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + responses: + '200': + description: List of identity summaries + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of the identity summary + example: 2c91808772a504f50172a9540e501ba7 + name: + type: string + description: Name of the linked identity + example: Alison Ferguso + identityId: + type: string + description: The ID of the identity being certified + example: 2c9180857182306001719937377a33de + completed: + type: boolean + description: Indicates whether the review items for the linked identity's certification have been completed + example: true + example: + - id: 2c91808772a504f50172a9540e501ba7 + name: Aaron Grey + identityId: 2c9180857182306001719937379633e4 + completed: false + - id: 2c91808772a504f50172a9540e501ba8 + name: Aglae Wilson + identityId: 2c9180857182306001719937377a33de + completed: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/access-summaries/{type}': + get: + operationId: getIdentityAccessSummaries + tags: + - Certification Summaries + summary: Access Summaries + description: This API returns a list of access summaries for the specified identity campaign certification and type. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: type + schema: + type: string + enum: + - ROLE + - ACCESS_PROFILE + - ENTITLEMENT + required: true + description: The type of access review item to retrieve summaries for + example: ACCESS_PROFILE + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + example: access.id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **completed**: *eq, ne* + + **access.id**: *eq, in* + + **access.name**: *eq, sw* + + **entitlement.sourceName**: *eq, sw* + + **accessProfile.sourceName**: *eq, sw* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: access.name + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **access.name** + responses: + '200': + description: List of access summaries + content: + application/json: + schema: + type: array + items: + type: object + description: An object holding the access that is being reviewed + properties: + access: + type: object + properties: + type: + description: The type of item being certified + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: The ID of the item being certified + example: 2c9180867160846801719932c5153fb7 + name: + type: string + description: The name of the item being certified + example: Entitlement for Company Database + entitlement: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + accessProfile: + type: object + properties: + id: + type: string + description: The id of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + endDate: + nullable: true + type: string + format: date-time + description: The date at which a user's access expires + example: '2021-12-25T00:00:00.000Z' + owner: + description: Owner of the Access Profile + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlements: + type: array + description: A list of entitlements associated with this Access Profile + items: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + created: + type: string + description: Date the Access Profile was created. + format: date-time + example: '2021-01-01T22:32:58.104Z' + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-02-01T22:32:58.104Z' + role: + type: object + nullable: true + properties: + id: + type: string + description: The id for the Role + example: 2c91808a7190d06e0171993907fd0794 + name: + type: string + description: The name of the Role + example: Accounting-Employees + description: + type: string + description: Information about the Role + example: Role for members of the accounting department with the necessary Access Profiles + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + revocable: + type: boolean + description: Indicates whether the Role can be revoked or requested + example: false + endDate: + type: string + format: date-time + description: The date when a user's access expires. + example: '2021-12-25T00:00:00.000Z' + accessProfiles: + type: array + description: The list of Access Profiles associated with this Role + items: + type: object + properties: + id: + type: string + description: The id of the Access Profile + example: 2c91808a7190d06e01719938fcd20792 + name: + type: string + description: Name of the Access Profile + example: Employee-database-read-write + description: + type: string + description: Information about the Access Profile + example: Collection of entitlements to read/write the employee database + privileged: + type: boolean + description: Indicates if the entitlement is a privileged entitlement + example: false + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + endDate: + nullable: true + type: string + format: date-time + description: The date at which a user's access expires + example: '2021-12-25T00:00:00.000Z' + owner: + description: Owner of the Access Profile + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + entitlements: + type: array + description: A list of entitlements associated with this Access Profile + items: + type: object + nullable: true + properties: + id: + type: string + description: The id for the entitlement + example: 2c918085718230600171993742c63558 + name: + type: string + description: The name of the entitlement + example: CN=entitlement.bbb7c650 + description: + nullable: true + type: string + description: Information about the entitlement + example: Gives read/write access to the company database + privileged: + type: boolean + example: false + description: Indicates if the entitlement is a privileged entitlement + owner: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + attributeName: + type: string + description: The name of the attribute on the source + example: memberOf + attributeValue: + type: string + description: The value of the attribute on the source + example: CN=entitlement.bbb7c650 + sourceSchemaObjectType: + type: string + description: The schema object type on the source used to represent the entitlement and its attributes + example: groups + sourceName: + type: string + description: The name of the source for which this entitlement belongs + example: ODS-AD-Source + sourceType: + type: string + description: The type of the source for which the entitlement belongs + example: Active Directory - Direct + hasPermissions: + type: boolean + description: Indicates if the entitlement has permissions + example: false + isPermission: + type: boolean + description: Indicates if the entitlement is a representation of an account permission + example: false + revocable: + type: boolean + description: Indicates whether the entitlement can be revoked + example: true + cloudGoverned: + type: boolean + description: True if the entitlement is cloud governed + example: false + account: + type: object + nullable: true + description: Information about the status of the entitlement + properties: + nativeIdentity: + type: string + description: The native identity for this account + example: CN=Alison Ferguso + disabled: + type: boolean + example: false + description: Indicates whether this account is currently disabled + locked: + type: boolean + example: false + description: Indicates whether this account is currently locked + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + nullable: true + type: string + description: The id associated with the account + example: 2c9180857182305e0171993737eb29e6 + name: + nullable: true + type: string + description: The account name + example: Alison Ferguso + created: + nullable: true + type: string + format: date-time + description: When the account was created + example: '2020-04-20T20:11:05.067Z' + modified: + nullable: true + type: string + format: date-time + description: When the account was last modified + example: '2020-05-20T18:57:16.987Z' + created: + type: string + description: Date the Access Profile was created. + format: date-time + example: '2021-01-01T22:32:58.104Z' + modified: + type: string + description: Date the Access Profile was last modified. + format: date-time + example: '2021-02-01T22:32:58.104Z' + example: + - access: + type: ENTITLEMENT + id: 2c9180857182305e01719937429e2bad + name: CN=Engineering + entitlement: + id: 2c9180857182305e01719937429e2bad + name: CN=Engineering + description: Access to the engineering database + privileged: false + owner: + email: brandon.gray@acme-solar.com + type: IDENTITY + id: 2c9180867160846801719932c5153fb7 + name: Brandon Gray + attributeName: memberOf + attributeValue: CN=Engineering + sourceName: ODS-AD-Source + hasPermissions: true + revocable: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/certifications/{id}/identity-summary/{identitySummaryId}': + get: + operationId: getIdentitySummary + tags: + - Certification Summaries + summary: Summary for Identity + description: This API returns the summary for an identity on a specified identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The identity campaign certification ID + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: identitySummaryId + schema: + type: string + required: true + description: The identity summary ID + example: 2c91808772a504f50172a9540e501ba8 + responses: + '200': + description: An identity summary + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the identity summary + example: 2c91808772a504f50172a9540e501ba7 + name: + type: string + description: Name of the linked identity + example: Alison Ferguso + identityId: + type: string + description: The ID of the identity being certified + example: 2c9180857182306001719937377a33de + completed: + type: boolean + description: Indicates whether the review items for the linked identity's certification have been completed + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/identities/{identity-id}/set-lifecycle-state': + post: + operationId: setLifecycleState + tags: + - Lifecycle States + summary: Set Lifecycle State + description: |- + This endpoint will set/update an identity's lifecycle state to the one provided and updates the corresponding Identity Profile. + A token with ORG_ADMIN or API authority is required to call this API. + security: + - oauth2: + - 'idn:identity-lifecycle-state:update' + parameters: + - in: path + name: identity-id + description: The ID of the identity to update + required: true + example: 2c9180857893f1290178944561990364 + schema: + type: string + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + lifecycleStateId: + type: string + description: The ID of the lifecycle state to set + example: 2c9180877a86e408017a8c19fefe046c + responses: + '200': + description: The request was successfully accepted into the system. + content: + application/json: + schema: + type: object + properties: + accountActivityId: + type: string + example: 2c9180837ab5b716017ab7c6c9ef1e20 + description: The ID of the IdentityRequest object that was generated when the workflow launches + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/identity-profiles/{identity-profile-id}/lifecycle-states': + get: + operationId: listLifecycleStates + tags: + - Lifecycle States + summary: Lists LifecycleStates + description: |- + This end-point lists all the LifecycleStates associated with IdentityProfiles. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:identity-profile-lifecycle-state:read' + parameters: + - in: path + name: identity-profile-id + description: The IdentityProfile id + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'created,modified' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **created, modified** + responses: + '200': + description: List of LifecycleState objects + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - technicalName + properties: + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + technicalName: + type: string + example: Technical Name + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: Lifecycle description + description: Lifecycle state description. + identityCount: + type: integer + format: int32 + example: 42 + readOnly: true + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + description: This is used for representing email configuration for a lifecycle state + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + description: Object for specifying Actions to be performed on a specified list of sources' account. + properties: + action: + example: ENABLE + type: string + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique access-profile IDs that are associated with the lifecycle state. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createLifecycleState + tags: + - Lifecycle States + summary: Create Lifecycle State + description: |- + This API creates a new Lifecycle State. + A token with ORG_ADMIN or API authority is required to call this API. + security: + - oauth2: + - 'idn:identity-profile-lifecycle-state:create' + parameters: + - in: path + name: identity-profile-id + description: Identity Profile ID + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + description: Lifecycle State + required: true + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - technicalName + properties: + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + technicalName: + type: string + example: Technical Name + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: Lifecycle description + description: Lifecycle state description. + identityCount: + type: integer + format: int32 + example: 42 + readOnly: true + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + description: This is used for representing email configuration for a lifecycle state + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + description: Object for specifying Actions to be performed on a specified list of sources' account. + properties: + action: + example: ENABLE + type: string + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique access-profile IDs that are associated with the lifecycle state. + responses: + '201': + description: Created LifecycleState object. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - technicalName + properties: + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + technicalName: + type: string + example: Technical Name + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: Lifecycle description + description: Lifecycle state description. + identityCount: + type: integer + format: int32 + example: 42 + readOnly: true + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + description: This is used for representing email configuration for a lifecycle state + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + description: Object for specifying Actions to be performed on a specified list of sources' account. + properties: + action: + example: ENABLE + type: string + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique access-profile IDs that are associated with the lifecycle state. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/identity-profiles/{identity-profile-id}/lifecycle-states/{lifecycle-state-id}': + get: + operationId: getLifecycleState + tags: + - Lifecycle States + summary: Retrieves Lifecycle State + description: |- + This endpoint retrieves a Lifecycle State. + A token with ORG_ADMIN or API authority is required to call this API. + security: + - oauth2: + - 'idn:identity-profile-lifecycle-state:read' + parameters: + - in: path + name: identity-profile-id + description: Identity Profile ID + required: true + schema: + type: string + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + - in: path + name: lifecycle-state-id + description: Lifecycle State ID + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: The requested LifecycleState was successfully retrieved. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - technicalName + properties: + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + technicalName: + type: string + example: Technical Name + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: Lifecycle description + description: Lifecycle state description. + identityCount: + type: integer + format: int32 + example: 42 + readOnly: true + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + description: This is used for representing email configuration for a lifecycle state + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + description: Object for specifying Actions to be performed on a specified list of sources' account. + properties: + action: + example: ENABLE + type: string + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique access-profile IDs that are associated with the lifecycle state. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateLifecycleStates + tags: + - Lifecycle States + summary: Update Lifecycle State + description: |- + This endpoint updates individual Lifecycle State fields using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + A token with ORG_ADMIN or API authority is required to call this API. + security: + - oauth2: + - 'idn:identity-profile-lifecycle-state:update' + parameters: + - in: path + name: identity-profile-id + description: Identity Profile ID + required: true + schema: + type: string + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + - in: path + name: lifecycle-state-id + description: Lifecycle State ID + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of lifecycle state update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields can be updated: + * enabled + * description + * accountActions + * accessProfileIds + * emailNotificationOption + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /description + value: Updated description! + - op: replace + path: /accessProfileIds + value: + - 2c918087742bab150174407a80f3125e + - 2c918087742bab150174407a80f3124f + - op: replace + path: /accountActions + value: + - action: ENABLE + sourceIds: + - 2c9180846a2f82fb016a481c1b1560c5 + - 2c9180846a2f82fb016a481c1b1560cc + - action: DISABLE + sourceIds: + - 2c91808869a0c9980169a207258513fb + - op: replace + path: /emailNotificationOption + value: + notifyManagers: true + notifyAllAdmins: false + notifySpecificUsers: false + emailAddressList: [] + responses: + '200': + description: The LifecycleState was successfully updated. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - technicalName + properties: + enabled: + type: boolean + example: true + description: Whether the lifecycle state is enabled or disabled. + technicalName: + type: string + example: Technical Name + description: The technical name for lifecycle state. This is for internal use. + description: + type: string + example: Lifecycle description + description: Lifecycle state description. + identityCount: + type: integer + format: int32 + example: 42 + readOnly: true + description: Number of identities that have the lifecycle state. + emailNotificationOption: + type: object + description: This is used for representing email configuration for a lifecycle state + properties: + notifyManagers: + type: boolean + example: true + description: 'If true, then the manager is notified of the lifecycle state change.' + notifyAllAdmins: + type: boolean + example: true + description: 'If true, then all the admins are notified of the lifecycle state change.' + notifySpecificUsers: + type: boolean + example: true + description: 'If true, then the users specified in "emailAddressList" below are notified of lifecycle state change.' + emailAddressList: + type: array + example: + - test@test.com + - test2@test.com + items: + type: string + description: 'List of user email addresses. If "notifySpecificUsers" option is true, then these users are notified of lifecycle state change.' + accountActions: + type: array + items: + type: object + description: Object for specifying Actions to be performed on a specified list of sources' account. + properties: + action: + example: ENABLE + type: string + description: Describes if action will be enabled or disabled + enum: + - ENABLE + - DISABLE + sourceIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique source IDs. The sources must have the ENABLE feature or flat file source. See "/sources" endpoint for source features. + accessProfileIds: + type: array + items: + type: string + uniqueItems: true + example: + - 2c918084660f45d6016617daa9210584 + - 2c918084660f45d6016617daa9210500 + description: List of unique access-profile IDs that are associated with the lifecycle state. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteLifecycleState + tags: + - Lifecycle States + summary: Delete Lifecycle State by ID + description: |- + This endpoint deletes the Lifecycle State using it's ID. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:identity-profile-lifecycle-state:delete' + parameters: + - in: path + name: identity-profile-id + description: Identity Profile ID + required: true + schema: + type: string + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + - in: path + name: lifecycle-state-id + description: Lifecycle State ID + required: true + schema: + type: string + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '202': + description: The request was successfully accepted into the system. + content: + application/json: + schema: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /identity-profiles: + get: + operationId: listIdentityProfiles + tags: + - Identity Profiles + summary: Identity Profiles List + description: |- + This returns a list of Identity Profiles based on the specified query parameters. + A token with ORG_ADMIN or API authority is required to call this API to get a list of Identity Profiles. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + example: id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, ne* + + **name**: *eq, ne* + + **priority**: *eq, ne* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'id,name' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **id**, **name**, **priority** + responses: + '200': + description: List of identityProfiles. + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:read' + /identity-profiles/export: + get: + operationId: exportIdentityProfiles + tags: + - Identity Profiles + summary: Export Identity Profiles + description: This exports existing identity profiles in the format specified by the sp-config service. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + required: false + schema: + type: string + example: id eq "ef38f94347e94562b5bb8424a56397d8" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, ne* + + **name**: *eq, ne* + + **priority**: *eq, ne* + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'id,name' + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **id**, **name**, **priority** + responses: + '200': + description: List of export objects with identity profiles. + content: + application/json: + schema: + type: array + items: + type: object + description: Identity Profile exported object + properties: + version: + type: integer + example: 1 + description: Version or object from the target service. + format: int32 + self: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + object: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:read' + /identity-profiles/import: + post: + operationId: importIdentityProfiles + summary: Import Identity Profiles + description: This imports previously exported identity profiles. + tags: + - Identity Profiles + requestBody: + description: Previously exported Identity Profiles. + required: true + content: + application/json: + schema: + type: array + items: + type: object + description: Identity Profile exported object + properties: + version: + type: integer + example: 1 + description: Version or object from the target service. + format: int32 + self: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + object: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + example: true + responses: + '200': + description: The result of importing Identity Profiles. + content: + application/json: + schema: + type: object + title: Import Object Response Body + description: Response model for import of a single object. + properties: + infos: + description: Informational messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: true + example: + details: message details + required: + - key + - text + - details + warnings: + description: Warning messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: true + example: + details: message details + required: + - key + - text + - details + errors: + description: Error messages returned from the target service on import. + type: array + items: + type: object + title: Config Import/Export Message + description: Message model for Config Import/Export. + properties: + key: + type: string + description: Message key. + example: UNKNOWN_REFERENCE_RESOLVER + text: + type: string + description: Message text. + example: 'Unable to resolve reference for object [type: IDENTITY, id: 2c91808c746e9c9601747d6507332ecz, name: random identity]' + details: + type: object + description: 'Message details if any, in key:value pairs.' + additionalProperties: true + example: + details: message details + required: + - key + - text + - details + importedObjects: + description: References to objects that were created or updated by the import. + type: array + items: + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + required: + - infos + - warnings + - errors + - importedObjects + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:create' + '/identity-profiles/{identity-profile-id}': + get: + operationId: getIdentityProfile + tags: + - Identity Profiles + summary: Get single Identity Profile + description: |- + This returns a single Identity Profile based on ID. + A token with ORG_ADMIN or API authority is required to call this API. + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + responses: + '200': + description: An Identity Profile object. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + example: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile:read' + '/identity-profiles/{identity-profile-id}/default-identity-attribute-config': + get: + operationId: getDefaultIdentityAttributeConfig + tags: + - Identity Profiles + summary: Get default Identity Attribute Config + description: |- + This returns the default identity attribute config. + A token with ORG_ADMIN authority is required to call this API to get the default identity attribute config. + parameters: + - in: path + name: identity-profile-id + schema: + type: string + format: uuid + required: true + description: The Identity Profile ID. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + responses: + '200': + description: An Identity Attribute Config object. + content: + application/json: + schema: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:identity-profile-default-mapping:read' + /non-employee-records: + post: + operationId: createNonEmployeeRecord + tags: + - Non-Employee Lifecycle Management + summary: Create Non-Employee Record + description: |- + This request will create a non-employee record. + Requires role context of `idn:nesr:create` + requestBody: + description: Non-Employee record creation request body. + required: true + content: + application/json: + schema: + type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.' + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + required: + - accountName + - firstName + - lastName + - email + - phone + - manager + - sourceId + - startDate + - endDate + responses: + '200': + description: Created non-employee record. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + example: ef38f94347e94562b5bb8424a56397d8 + accountName: + type: string + description: Requested identity account name. + example: Abby.Smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listNonEmployeeRecords + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: List Non-Employee Records + description: |- + This gets a list of non-employee records. There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:read`, in which case they can get a list of all of the non-employees. + 2. The user is an account manager, in which case they can get a list of the non-employees that they manage. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'accountName,sourceId' + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **id, accountName, sourceId, manager, firstName, lastName, email, phone, startDate, endDate, created, modified**' + - in: query + name: filters + required: false + schema: + type: string + example: sourceId eq "2c91808568c529c60168cca6f90c1313" + description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"' + responses: + '200': + description: Non-Employee record objects + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + example: ef38f94347e94562b5bb8424a56397d8 + accountName: + type: string + description: Requested identity account name. + example: Abby.Smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-records/{id}': + get: + operationId: getNonEmployeeRecord + tags: + - Non-Employee Lifecycle Management + summary: Get a Non-Employee Record + description: |- + This gets a non-employee record. + Requires role context of `idn:nesr:read` + parameters: + - in: path + name: id + description: Non-Employee record id (UUID) + required: true + example: ef38f94347e94562b5bb8424a56397d8 + schema: + type: string + responses: + '200': + description: Non-Employee record object + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + example: ef38f94347e94562b5bb8424a56397d8 + accountName: + type: string + description: Requested identity account name. + example: Abby.Smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updateNonEmployeeRecord + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Update Non-Employee Record + description: |- + This request will update a non-employee record. There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:update`, in which case they + update all available fields. + 2. The user is owner of the source, in this case they can only update the + end date. + parameters: + - in: path + name: id + description: Non-employee record id (UUID) + example: ef38f94347e94562b5bb8424a56397d8 + required: true + schema: + type: string + requestBody: + description: Non-employee record creation request body. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields. + required: true + content: + application/json: + schema: + type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.' + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + required: + - accountName + - firstName + - lastName + - email + - phone + - manager + - sourceId + - startDate + - endDate + responses: + '200': + description: An updated non-employee record. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + example: ef38f94347e94562b5bb8424a56397d8 + accountName: + type: string + description: Requested identity account name. + example: Abby.Smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchNonEmployeeRecord + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Patch Non-Employee Record + description: |- + This request will patch a non-employee record. There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:update`, in which case they + update all available fields. + 2. The user is owner of the source, in this case they can only update the + end date. + parameters: + - in: path + name: id + description: Non-employee record id (UUID) + example: ef38f94347e94562b5bb8424a56397d8 + required: true + schema: + type: string + requestBody: + description: 'A list of non-employee update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Attributes are restricted by user type. Owner of source can update end date. Organization admins can update all available fields.' + required: true + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /endDate + value: '2019-08-23T18:40:35.772Z' + responses: + '200': + description: A patched non-employee record. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee record id. + example: ef38f94347e94562b5bb8424a56397d8 + accountName: + type: string + description: Requested identity account name. + example: Abby.Smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2019-08-23T18:52:59.162Z' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2020-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeRecord + tags: + - Non-Employee Lifecycle Management + summary: Delete Non-Employee Record + description: |- + This request will delete a non-employee record. + Requires role context of `idn:nesr:delete` + parameters: + - in: path + name: id + description: Non-Employee record id (UUID) + example: ef38f94347e94562b5bb8424a56397d8 + required: true + schema: + type: string + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-records/bulk-delete: + post: + operationId: deleteNonEmployeeRecordsInBulk + tags: + - Non-Employee Lifecycle Management + summary: Delete Multiple Non-Employee Records + description: 'This request will delete multiple non-employee records based on the non-employee ids provided. Requires role context of `idn:nesr:delete`' + requestBody: + description: Non-Employee bulk delete request body. + required: true + content: + application/json: + schema: + type: object + properties: + ids: + description: List of non-employee ids. + type: array + items: + type: string + format: uuid + example: + - 2b838de9-db9b-abcf-e646-d4f274ad4238 + - 2d838de9-db9b-abcf-e646-d4f274ad4238 + required: + - ids + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-requests: + post: + operationId: createNonEmployeeRequest + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Create Non-Employee Request + description: 'This request will create a non-employee request and notify the approver. Requires role context of `idn:nesr:create` or the user must own the source.' + requestBody: + description: Non-Employee creation request body + required: true + content: + application/json: + schema: + type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + sourceId: + type: string + description: Non-Employee's source id. + example: 2c91808568c529c60168cca6f90c1313 + data: + type: object + additionalProperties: + type: string + description: 'Attribute blob/bag for a non-employee, 10 attributes is the maximum size supported.' + example: + description: Auditing + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + required: + - accountName + - firstName + - lastName + - email + - phone + - manager + - sourceId + - startDate + - endDate + responses: + '200': + description: Non-Employee request creation object + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + approvalItems: + description: List of approval item for the request + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + comment: + type: string + description: comment of requester + example: approved + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + 400.1 Bad Request Content: + description: Response for bad request content + value: + detailCode: 400.1 Bad Request Content + trackingId: e7eab60924f64aa284175b9fa3309599 + messages: + - locale: en + localeOrigin: REQUEST + text: firstName is required; accountName is required; + 400.1.409 Reference conflict: + description: Response for reference conflict + value: + detailCode: 400.1.409 Reference conflict + trackingId: e7eab60924f64aa284175b9fa3309599 + messages: + - locale: en + localeOrigin: REQUEST + text: Unable to create Non-Employee because the accountName "existed" is already being used. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listNonEmployeeRequests + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: List Non-Employee Requests + description: |- + This gets a list of non-employee requests. There are two contextual uses for the `requested-for` path parameter: + 1. The user has the role context of `idn:nesr:read`, in which case he or + she may request a list non-employee requests assigned to a particular account manager by passing in that manager's id. + 2. The current user is an account manager, in which case "me" should be + provided as the `requested-for` value. This will provide the user with a list of the non-employee requests in the source(s) he or she manages. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: requested-for + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + description: The identity for whom the request was made. *me* indicates the current user. + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'created,approvalStatus' + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, approvalStatus, firstName, lastName, email, phone, accountName, startDate, endDate**' + - in: query + name: filters + required: false + schema: + type: string + example: sourceId eq "2c91808568c529c60168cca6f90c1313" + description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **sourceId**: *eq* *Example:* sourceId eq "2c91808568c529c60168cca6f90c1313"' + responses: + '200': + description: List of non-employee request objects. + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + approvalItems: + description: List of approval item for the request + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + comment: + type: string + description: comment of requester + example: approved + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-requests/{id}': + get: + operationId: getNonEmployeeRequest + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get a Non-Employee Request + description: |- + This gets a non-employee request. + There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:read`, in this case the user + can get the non-employee request for any user. + 2. The user must be the owner of the non-employee request. + parameters: + - in: path + name: id + description: Non-Employee request id (UUID) + example: ac110005-7156-1150-8171-5b292e3e0084 + required: true + schema: + type: string + responses: + '200': + description: Non-Employee request object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + approvalItems: + description: List of approval item for the request + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + comment: + type: string + description: comment of requester + example: approved + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date-time + description: Non-Employee employment start date. + example: '2020-03-24T00:00:00-05:00' + endDate: + type: string + format: date-time + description: Non-Employee employment end date. + example: '2021-03-25T00:00:00-05:00' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeRequest + tags: + - Non-Employee Lifecycle Management + summary: Delete Non-Employee Request + description: |- + This request will delete a non-employee request. + Requires role context of `idn:nesr:delete` + parameters: + - in: path + name: id + description: Non-Employee request id in the UUID format + required: true + schema: + type: string + format: uuid + example: ac110005-7156-1150-8171-5b292e3e0084 + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-requests/summary/{requested-for}': + get: + operationId: getNonEmployeeRequestSummary + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get Summary of Non-Employee Requests + description: |- + This request will retrieve a summary of non-employee requests. There are two contextual uses for the `requested-for` path parameter: + 1. The user has the role context of `idn:nesr:read`, in which case he or + she may request a summary of all non-employee approval requests assigned to a particular account manager by passing in that manager's id. + 2. The current user is an account manager, in which case "me" should be + provided as the `requested-for` value. This will provide the user with a summary of the non-employee requests in the source(s) he or she manages. + parameters: + - in: path + name: requested-for + description: The identity (UUID) of the non-employee account manager for whom the summary is being retrieved. Use "me" instead to indicate the current user. + required: true + schema: + type: string + format: uuid (if user is Org Admin) + example: 2c91808280430dfb0180431a59440460 + responses: + '200': + description: Non-Employee request summary object. + content: + application/json: + schema: + type: object + properties: + approved: + type: integer + description: The number of approved non-employee requests on all sources that *requested-for* user manages. + example: 2 + format: int32 + rejected: + type: integer + description: The number of rejected non-employee requests on all sources that *requested-for* user manages. + example: 2 + format: int32 + pending: + type: integer + description: The number of pending non-employee requests on all sources that *requested-for* user manages. + example: 2 + format: int32 + nonEmployeeCount: + type: integer + description: The number of non-employee records on all sources that *requested-for* user manages. + example: 2 + format: int32 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-sources: + post: + operationId: createNonEmployeeSource + tags: + - Non-Employee Lifecycle Management + summary: Create Non-Employee Source + description: 'This request will create a non-employee source. Requires role context of `idn:nesr:create`' + requestBody: + description: Non-Employee source creation request body. + required: true + content: + application/json: + schema: + type: object + properties: + name: + type: string + description: Name of non-employee source. + example: Retail + description: + type: string + description: Description of non-employee source. + example: Source description + owner: + description: Owner of non-employee source. + type: object + properties: + id: + type: string + format: UUID + description: Identity id. + example: 2c91808570313110017040b06f344ec9 + required: + - id + managementWorkgroup: + type: string + description: The ID for the management workgroup that contains source sub-admins + example: '123299' + approvers: + description: List of approvers. + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Identity id. + example: 2c91808570313110017040b06f344ec9 + required: + - id + maxItems: 3 + accountManagers: + description: List of account managers. + type: array + items: + type: object + properties: + id: + type: string + format: UUID + description: Identity id. + example: 2c91808570313110017040b06f344ec9 + required: + - id + maxItems: 10 + required: + - owner + - name + - description + responses: + '200': + description: Created non-employee source. + content: + application/json: + schema: + allOf: + - allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + cloudExternalId: + type: string + description: Legacy ID used for sources from the V1 API. This attribute will be removed from a future version of the API and will not be considered a breaking change. No clients should rely on this ID always being present. + example: '99999' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + operationId: listNonEmployeeSources + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: List Non-Employee Sources + description: |- + This gets a list of non-employee sources. There are two contextual uses for the requested-for path parameter: + 1. The user has the role context of `idn:nesr:read`, in which case he or + she may request a list sources assigned to a particular account manager by passing in that manager's id. + 2. The current user is an account manager, in which case "me" should be + provided as the `requested-for` value. This will provide the user with a list of the sources that he or she owns. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: requested-for + required: true + schema: + type: string + example: me + description: The identity for whom the request was made. *me* indicates the current user. + - in: query + name: non-employee-count + required: false + example: true + schema: + type: boolean + description: The flag to determine whether return a non-employee count associate with source. + - in: query + name: sorters + required: false + schema: + type: string + format: comma-separated + example: 'name,created' + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **name, created**' + responses: + '200': + description: List of non-employee sources objects. + content: + application/json: + schema: + type: array + items: + allOf: + - allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeCount: + type: integer + description: Number of non-employee records associated with this source. + format: int32 + example: 120 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{sourceId}': + get: + operationId: getNonEmployeeSource + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get a Non-Employee Source + description: |- + This gets a non-employee source. There are two contextual uses for the requested-for path parameter: + 1. The user has the role context of `idn:nesr:read`, in which case he or + she may request any source. + 2. The current user is an account manager, in which case the user can only + request sources that they own. + parameters: + - in: path + name: sourceId + description: Source Id + example: 2c91808b7c28b350017c2a2ec5790aa1 + required: true + schema: + type: string + responses: + '200': + description: Non-Employee source object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchNonEmployeeSource + tags: + - Non-Employee Lifecycle Management + summary: Patch a Non-Employee Source + description: 'patch a non-employee source. (partial update)
Patchable field: **name, description, approvers, accountManagers** Requires role context of `idn:nesr:update`.' + parameters: + - in: path + name: sourceId + description: Source Id + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + requestBody: + description: 'A list of non-employee source update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.' + required: true + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /name + value: + new name: null + - op: replace + path: /approvers + value: + - 2c91809f703bb37a017040a2fe8748c7 + - 48b1f463c9e8427db5a5071bd81914b8 + responses: + '200': + description: A patched non-employee source object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + approvers: + description: List of approvers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountManagers: + description: List of account managers + type: array + items: + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeSource + tags: + - Non-Employee Lifecycle Management + summary: Delete Non-Employee Source + description: 'This request will delete a non-employee source. Requires role context of `idn:nesr:delete`.' + parameters: + - in: path + name: sourceId + description: Source Id + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/non-employees/download': + get: + operationId: exportNonEmployeeRecords + tags: + - Non-Employee Lifecycle Management + summary: Exports Non-Employee Records to CSV + description: 'This requests a CSV download for all non-employees from a provided source. Requires role context of `idn:nesr:read`' + parameters: + - in: path + name: id + description: Source Id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + responses: + '200': + description: Exported CSV + content: + text/csv: + example: | + accountName,firstName,lastName,phone,email,manager,startDate,endDate + Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00 + William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00,2020-08-07T19:00:00-10:00 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/non-employee-bulk-upload': + post: + operationId: uploadNonEmployeeRecordsInBulk + tags: + - Non-Employee Lifecycle Management + summary: 'Imports, or Updates, Non-Employee Records' + description: 'This post will import, or update, Non-Employee records found in the CSV. Requires role context of `idn:nesr:create`' + parameters: + - in: path + name: id + description: Source Id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + requestBody: + description: The form-data "name" attribute for the file content must be "data". See the schema specification. + content: + multipart/form-data: + schema: + type: object + properties: + data: + type: string + format: base64 + required: + - data + example: + data: 'accountName,firstName,lastName,phone,email,manager,startDate,endDate Jon.Smith, Jon, Smith, 555-555-5555, jon@jon.doe.nope.com, Jim Smith, 2020-04-05T08:00:00-10:00, 2020-08-07T19:00:00-10:00 William.Chaffin, William, Chaffin, 555-555-5555, william@chaffins.nope.com, Bertram Chaffin, 2020-04-05T08:00:00-10:00, 2020-08-07T19:00:00-10:00' + responses: + '202': + description: The CSV was accepted to be bulk inserted now or at a later time. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The bulk upload job's ID. (UUID) + example: 2c91808568c529c60168cca6f90cffff + sourceId: + type: string + description: The ID of the source to bulk-upload non-employees to. (UUID) + example: 2c91808568c529c60168cca6f90c1313 + created: + type: string + format: date-time + description: The date-time the job was submitted. + example: '2019-08-23T18:52:59.162Z' + modified: + type: string + format: date-time + description: The date-time that the job was last updated. + example: '2019-08-23T18:52:59.162Z' + status: + type: string + enum: + - PENDING + - IN_PROGRESS + - COMPLETED + - ERROR + description: | + Returns the following values indicating the progress or result of the bulk upload job. + "PENDING" means the job is queued and waiting to be processed. + "IN_PROGRESS" means the job is currently being processed. + "COMPLETED" means the job has been completed without any errors. + "ERROR" means the job failed to process with errors. + example: PENDING + '400': + description: | + Client Error - Returned if the request body is invalid. + The response body will contain the list of specific errors with one on each line. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/non-employee-bulk-upload/status': + get: + operationId: getNonEmployeeBulkUploadStatus + tags: + - Non-Employee Lifecycle Management + summary: Obtain the status of bulk upload on the source + description: | + The nonEmployeeBulkUploadStatus API returns the status of the newest bulk upload job for the specified source. + Requires role context of `idn:nesr:read` + parameters: + - in: path + name: id + description: Source ID (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + responses: + '200': + description: 'Status of the newest bulk-upload job, if any.' + content: + application/json: + schema: + type: object + properties: + status: + type: string + enum: + - PENDING + - IN_PROGRESS + - COMPLETED + - ERROR + description: | + Returns the following values indicating the progress or result of the bulk upload job. + "PENDING" means the job is queued and waiting to be processed. + "IN_PROGRESS" means the job is currently being processed. + "COMPLETED" means the job has been completed without any errors. + "ERROR" means the job failed to process with errors. + null means job has been submitted to the source. + example: PENDING + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{id}/schema-attributes-template/download': + get: + operationId: exportNonEmployeeSourceSchemaTemplate + tags: + - Non-Employee Lifecycle Management + summary: Exports Source Schema Template + description: 'This requests a download for the Source Schema Template for a provided source. Requires role context of `idn:nesr:read`' + parameters: + - in: path + name: id + description: Source Id (UUID) + required: true + example: ef38f94347e94562b5bb8424a56397d8 + schema: + type: string + responses: + '200': + description: Exported Source Schema Template + content: + text/csv: + example: | + accountName,firstName,lastName,phone,email,manager,startDate,endDate + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /non-employee-approvals: + get: + operationId: listNonEmployeeApprovals + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get List of Non-Employee Approval Requests + description: |- + This gets a list of non-employee approval requests. + There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:read`, in which case they + can list the approvals for any approver. + 2. The user owns the requested approval. + parameters: + - in: query + name: requested-for + schema: + type: string + description: The identity for whom the request was made. *me* indicates the current user. + required: false + example: 2c91808280430dfb0180431a59440460 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: 'Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407) Filtering is supported for the following fields and operators: **approvalStatus**: *eq* *Example:* approvalStatus eq "PENDING"' + example: approvalStatus eq "Pending" + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://community.sailpoint.com/t5/IdentityNow-Wiki/V3-API-Standard-Collection-Parameters/ta-p/156407#toc-hId-2058949) Sorting is supported for the following fields: **created, modified**' + required: false + example: created + responses: + '200': + description: List of approval items. + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + example: ac110005-7156-1150-8171-5b292e3e0084 + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/{id}': + get: + operationId: getNonEmployeeApproval + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get a non-employee approval item detail + description: |- + Gets a non-employee approval item detail. There are two contextual uses for this endpoint: + 1. The user has the role context of `idn:nesr:read`, in which case they + can get any approval. + 2. The user owns the requested approval. + parameters: + - in: path + name: id + description: Non-Employee approval item id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + - in: query + name: include-detail + description: The object nonEmployeeRequest will not be included detail when set to false. *Default value is true* + required: false + schema: + type: boolean + example: true + responses: + '200': + description: Non-Employee approval item object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + description: Non-Employee request associated to this approval + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + example: ac110005-7156-1150-8171-5b292e3e0084 + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + - type: object + properties: + accountName: + type: string + description: Requested identity account name. + example: william.smith + firstName: + type: string + description: Non-Employee's first name. + example: William + lastName: + type: string + description: Non-Employee's last name. + example: Smith + email: + type: string + description: Non-Employee's email. + example: william.smith@example.com + phone: + type: string + description: Non-Employee's phone. + example: '5555555555' + manager: + type: string + description: The account ID of a valid identity to serve as this non-employee's manager. + example: jane.doe + nonEmployeeSource: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee source id. + example: a0303682-5e4a-44f7-bdc2-6ce6112549c1 + sourceId: + type: string + description: Source Id associated with this non-employee source. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Source name associated with this non-employee source. + example: Retail + description: + type: string + description: Source description associated with this non-employee source. + example: Source description + - type: object + properties: + schemaAttributes: + description: List of schema attributes associated with this non-employee source. + type: array + items: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + data: + type: object + additionalProperties: + type: string + description: Attribute blob/bag for a non-employee. + example: + description: Auditing + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + comment: + type: string + description: comment of requester + example: approved + completionDate: + type: string + format: date-time + description: When the request was completely approved. + example: '2020-03-24T11:11:41.139-05:00' + startDate: + type: string + format: date + description: Non-Employee employment start date. + example: '2020-03-24' + endDate: + type: string + format: date + description: Non-Employee employment end date. + example: '2021-03-25' + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2020-03-24T11:11:41.139-05:00' + created: + type: string + format: date-time + description: When the request was created. + example: '2020-03-24T11:11:41.139-05:00' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/{id}/approve': + post: + operationId: approveNonEmployeeRequest + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Approve a Non-Employee Request + description: Approves a non-employee approval request and notifies the next approver. The current user must be the requested approver. + parameters: + - in: path + name: id + description: Non-Employee approval item id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: Comment on the approval item. + maxLength: 4000 + example: Approved by manager + responses: + '200': + description: Non-Employee approval item object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + example: ac110005-7156-1150-8171-5b292e3e0084 + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/{id}/reject': + post: + operationId: rejectNonEmployeeRequest + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Reject a Non-Employee Request + description: This endpoint will reject an approval item request and notify user. The current user must be the requested approver. + parameters: + - in: path + name: id + description: Non-Employee approval item id (UUID) + required: true + schema: + type: string + example: e136567de87e4d029e60b3c3c55db56d + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + comment: + type: string + description: Comment on the approval item. + maxLength: 4000 + example: approved + required: + - comment + responses: + '200': + description: Non-Employee approval item object. + content: + application/json: + schema: + allOf: + - type: object + properties: + id: + type: string + format: UUID + description: Non-Employee approval item id + example: 2c1e388b-1e55-4b0a-ab5c-897f1204159c + approver: + description: Reference to the associated Identity + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + accountName: + type: string + description: Requested identity account name + example: test.account + approvalStatus: + type: string + enum: + - APPROVED + - REJECTED + - PENDING + - NOT_READY + - CANCELLED + description: Enum representing the non-employee request approval status + example: APPROVED + approvalOrder: + type: number + description: Approval order + example: 1 + format: float + comment: + type: string + description: comment of approver + example: I approve + modified: + type: string + format: date-time + description: When the request was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the request was created. + example: '2019-08-23T18:40:35.772Z' + - type: object + properties: + nonEmployeeRequest: + type: object + properties: + id: + type: string + format: UUID + description: Non-Employee request id. + example: ac110005-7156-1150-8171-5b292e3e0084 + requester: + example: + type: IDENTITY + id: 2c9180866166b5b0016167c32ef31a66 + name: William Smith + type: object + properties: + type: + type: string + enum: + - GOVERNANCE_GROUP + - IDENTITY + example: IDENTITY + description: Identifies if the identity is a normal identity or a governance group + id: + type: string + description: Identity id + example: 5168015d32f890ca15812c9180835d2e + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-approvals/summary/{requested-for}': + get: + operationId: getNonEmployeeApprovalSummary + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get Summary of Non-Employee Approval Requests + description: |- + This request will retrieve a summary of non-employee approval requests. There are two contextual uses for the `requested-for` path parameter: + 1. The user has the role context of `idn:nesr:read`, in which case he or + she may request a summary of all non-employee approval requests assigned to a particular approver by passing in that approver's id. + 2. The current user is an approver, in which case "me" should be provided + as the `requested-for` value. This will provide the approver with a summary of the approval items assigned to him or her. + parameters: + - in: path + name: requested-for + schema: + type: string + description: The identity (UUID) of the approver for whom for whom the summary is being retrieved. Use "me" instead to indicate the current user. + required: true + example: 2c91808280430dfb0180431a59440460 + responses: + '200': + description: summary of non-employee approval requests + content: + application/json: + schema: + type: object + properties: + approved: + type: integer + description: The number of approved non-employee approval requests. + format: int32 + example: 2 + pending: + type: integer + description: The number of pending non-employee approval requests. + format: int32 + example: 2 + rejected: + type: integer + description: The number of rejected non-employee approval requests. + format: int32 + example: 2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{sourceId}/schema-attributes': + get: + operationId: getNonEmployeeSourceSchemaAttributes + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: List Schema Attributes Non-Employee Source + description: |- + This API gets the list of schema attributes for the specified Non-Employee SourceId. There are 8 mandatory attributes added to each new Non-Employee Source automatically. Additionaly, user can add up to 10 custom attributes. This interface returns all the mandatory attributes followed by any custom attributes. At most, a total of 18 attributes will be returned. + Requires role context of `idn:nesr:read` or the user must be an account manager of the source. + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + example: ef38f94347e94562b5bb8424a56397d8 + description: The Source id + responses: + '200': + description: A list of Schema Attributes + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + maxItems: 18 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createNonEmployeeSourceSchemaAttributes + tags: + - Non-Employee Lifecycle Management + summary: Create a new Schema Attribute for Non-Employee Source + description: |- + This API creates a new schema attribute for Non-Employee Source. The schema technical name must be unique in the source. Attempts to create a schema attribute with an existing name will result in a "400.1.409 Reference conflict" response. At most, 10 custom attributes can be created per schema. Attempts to create more than 10 will result in a "400.1.4 Limit violation" response. + Requires role context of `idn:nesr:create` + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + description: The Source id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + type: + type: string + description: Type of the attribute. Only type 'TEXT' is supported for custom attributes. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + responses: + '200': + description: Schema Attribute created. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeSourceSchemaAttributes + tags: + - Non-Employee Lifecycle Management + summary: Delete all custom schema attributes for Non-Employee Source + description: 'This end-point deletes all custom schema attributes for a non-employee source. Requires role context of `idn:nesr:delete`' + parameters: + - in: path + name: sourceId + schema: + type: string + required: true + description: The Source id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: All custon Schema Attributes were successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/non-employee-sources/{sourceId}/schema-attributes/{attributeId}': + get: + operationId: getNonEmployeeSchemaAttribute + security: + - oauth2: [] + tags: + - Non-Employee Lifecycle Management + summary: Get Schema Attribute Non-Employee Source + description: 'This API gets a schema attribute by Id for the specified Non-Employee SourceId. Requires role context of `idn:nesr:read` or the user must be an account manager of the source.' + parameters: + - in: path + name: attributeId + schema: + type: string + required: true + example: ef38f94347e94562b5bb8424a56397d8 + description: The Schema Attribute Id (UUID) + - in: path + name: sourceId + schema: + type: string + required: true + example: ef38f94347e94562b5bb8424a56397d8 + description: The Source id + responses: + '200': + description: The Schema Attribute + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchNonEmployeeSchemaAttribute + tags: + - Non-Employee Lifecycle Management + summary: Patch a Schema Attribute for Non-Employee Source + description: | + This end-point patches a specific schema attribute for a non-employee SourceId. + Requires role context of `idn:nesr:update` + parameters: + - in: path + name: attributeId + schema: + type: string + required: true + description: The Schema Attribute Id (UUID) + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: sourceId + schema: + type: string + required: true + description: The Source id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + description: 'A list of schema attribute update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. The following properties are allowed for update '':'' ''label'', ''helpText'', ''placeholder'', ''required''.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /label + value: + new attribute label: null + required: true + responses: + '200': + description: The Schema Attribute was successfully patched. + content: + application/json: + schema: + type: object + properties: + id: + type: string + format: UUID + example: ac110005-7156-1150-8171-5b292e3e0084 + description: Schema Attribute Id + system: + type: boolean + description: True if this schema attribute is mandatory on all non-employees sources. + example: true + modified: + type: string + format: date-time + description: When the schema attribute was last modified. + example: '2019-08-23T18:52:59.162Z' + created: + type: string + format: date-time + description: When the schema attribute was created. + example: '2019-08-23T18:40:35.772Z' + type: + type: string + enum: + - TEXT + - DATE + - IDENTITY + description: Enum representing the type of data a schema attribute accepts. + example: TEXT + label: + type: string + description: Label displayed on the UI for this schema attribute. + example: Account Name + technicalName: + type: string + description: The technical name of the attribute. Must be unique per source. + example: account.name + helpText: + type: string + description: help text displayed by UI. + example: The unique identifier for the account + placeholder: + type: string + description: Hint text that fills UI box. + example: Enter a unique user name for this account. + required: + type: boolean + description: 'If true, the schema attribute is required for all non-employees in the source' + example: true + required: + - type + - technicalName + - label + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteNonEmployeeSchemaAttribute + tags: + - Non-Employee Lifecycle Management + summary: Delete a Schema Attribute for Non-Employee Source + description: | + This end-point deletes a specific schema attribute for a non-employee source. + Requires role context of `idn:nesr:delete` + parameters: + - in: path + name: attributeId + schema: + type: string + required: true + description: The Schema Attribute Id (UUID) + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: sourceId + schema: + type: string + required: true + description: The Source id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: The Schema Attribute was successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /oauth-clients: + get: + operationId: listOauthClients + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: List OAuth Clients + description: This gets a list of OAuth clients. + parameters: + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **lastUsed**: *le, isnull* + example: 'lastUsed le 2023-02-05T10:59:27.214Z' + responses: + '200': + description: List of OAuth clients. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: Create OAuth Client + description: This creates an OAuth client. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + nullable: true + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + description: The number of seconds an access token generated for this API Client is valid for + type: integer + format: int32 + example: 750 + refreshTokenValiditySeconds: + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + type: integer + format: int32 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs. Provide one or more URIs when assigning the AUTHORIZATION_CODE grant type to a new OAuth Client. + example: + - 'http://localhost:12345' + grantTypes: + type: array + nullable: true + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal within the product. + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: 'Scopes of the API Client. If no scope is specified, the client will be created with the default scope "sp:scopes:all". This means the API Client will have all the rights of the owner who created it.' + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - name + - description + - accessTokenValiditySeconds + - grantTypes + - accessType + - enabled + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + secret: + type: string + description: Secret of the OAuth client (This field is only returned on the intial create call.) + example: 5c32dd9b21adb51c77794d46e71de117a1d0ddb36a7ff941fa28014ab7de2cf3 + businessName: + type: string + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + type: integer + format: int32 + refreshTokenValiditySeconds: + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + type: integer + format: int32 + redirectUris: + type: array + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - secret + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/oauth-clients/{id}': + get: + operationId: getOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + - 'sp:oauth-client:read' + tags: + - OAuth Clients + summary: Get OAuth Client + description: This gets details of an OAuth client. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The OAuth client id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: Delete OAuth Client + description: This deletes an OAuth client. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The OAuth client id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: patchOauthClient + security: + - oauth2: + - 'sp:oauth-client:manage' + tags: + - OAuth Clients + summary: Patch OAuth Client + description: This performs a targeted update to the field(s) of an OAuth client. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The OAuth client id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields are patchable: + * tenant + * businessName + * homepageUrl + * name + * description + * accessTokenValiditySeconds + * refreshTokenValiditySeconds + * redirectUris + * grantTypes + * accessType + * enabled + * strongAuthSupported + * claimsSupported + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /strongAuthSupported + value: true + - op: replace + path: /businessName + value: acme-solar + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the OAuth client''s new representation.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the OAuth client + example: 2c9180835d2e5168015d32f890ca1581 + businessName: + type: string + nullable: true + description: The name of the business the API Client should belong to + example: Acme-Solar + homepageUrl: + type: string + nullable: true + description: The homepage URL associated with the owner of the API Client + example: 'http://localhost:12345' + name: + type: string + description: A human-readable name for the API Client + example: Demo API Client + description: + type: string + nullable: true + description: A description of the API Client + example: 'An API client used for the authorization_code, refresh_token, and client_credentials flows' + accessTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds an access token generated for this API Client is valid for + example: 750 + refreshTokenValiditySeconds: + type: integer + format: int32 + description: The number of seconds a refresh token generated for this API Client is valid for + example: 86400 + redirectUris: + type: array + nullable: true + items: + type: string + description: A list of the approved redirect URIs used with the authorization_code flow + example: + - 'http://localhost:12345' + grantTypes: + type: array + items: + description: OAuth2 Grant Type + type: string + example: CLIENT_CREDENTIALS + enum: + - CLIENT_CREDENTIALS + - AUTHORIZATION_CODE + - REFRESH_TOKEN + description: A list of OAuth 2.0 grant types this API Client can be used with + example: + - AUTHORIZATION_CODE + - CLIENT_CREDENTIALS + - REFRESH_TOKEN + accessType: + description: The access type (online or offline) of this API Client + example: OFFLINE + type: string + enum: + - ONLINE + - OFFLINE + type: + description: The type of the API Client (public or confidential) + example: CONFIDENTIAL + type: string + enum: + - CONFIDENTIAL + - PUBLIC + internal: + type: boolean + description: An indicator of whether the API Client can be used for requests internal to IDN + example: false + enabled: + type: boolean + description: An indicator of whether the API Client is enabled for use + example: true + strongAuthSupported: + type: boolean + description: An indicator of whether the API Client supports strong authentication + example: false + claimsSupported: + type: boolean + description: An indicator of whether the API Client supports the serialization of SAML claims when used with the authorization_code flow + example: false + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was created' + example: '2017-07-11T18:45:37.098Z' + modified: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when the API Client was last updated' + example: '2018-06-25T20:22:28.104Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this API Client was last used to generate an access token. This timestamp does not get updated on every API Client usage, but only once a day. This property can be useful for identifying which API Clients are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the API Client. + example: + - 'demo:api-client-scope:first' + - 'demo:api-client-scope:second' + required: + - id + - businessName + - homepageUrl + - name + - description + - accessTokenValiditySeconds + - refreshTokenValiditySeconds + - redirectUris + - grantTypes + - accessType + - type + - internal + - enabled + - strongAuthSupported + - claimsSupported + - created + - modified + - scope + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /personal-access-tokens: + get: + operationId: listPersonalAccessTokens + security: + - oauth2: + - 'sp:my-personal-access-tokens:read' + - 'sp:my-personal-access-tokens:manage' + - 'sp:all-personal-access-tokens:read' + - 'sp:all-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: List Personal Access Tokens + description: 'This gets a collection of personal access tokens associated with the optional `owner-id`. query parameter. If the `owner-id` query parameter is omitted, all personal access tokens for a tenant will be retrieved, but the caller must have the ''idn:all-personal-access-tokens:read'' right.' + parameters: + - in: query + name: owner-id + description: |- + The identity ID of the owner whose personal access tokens should be listed. If "me", the caller should have the following right: 'idn:my-personal-access-tokens:read' + If an actual owner ID or if the `owner-id` parameter is omitted in the request, the caller should have the following right: 'idn:all-personal-access-tokens:read'. + If the caller has the following right, then managed personal access tokens associated with `owner-id` will be retrieved: 'idn:managed-personal-access-tokens:read' + required: false + schema: + type: string + default: null + example: 2c9180867b50d088017b554662fb281e + - in: query + name: filters + required: false + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **lastUsed**: *le, isnull* + example: 'lastUsed le 2023-02-05T10:59:27.214Z' + responses: + '200': + description: List of personal access tokens. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of the personal access token (to be used as the username for Basic Auth). + example: 86f1dc6fe8f54414950454cbb11278fa + name: + type: string + description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. + example: NodeJS Integration + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the personal access token. + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + owner: + description: Details about the owner of the personal access token. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was created.' + example: '2017-07-11T18:45:37.098Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + required: + - id + - name + - scope + - owner + - created + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createPersonalAccessToken + security: + - oauth2: + - 'sp:my-personal-access-tokens:manage' + - 'sp:all-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: Create Personal Access Token + description: This creates a personal access token. + requestBody: + description: Name and scope of personal access token. + required: true + content: + application/json: + schema: + type: object + description: Object for specifying the name of a personal access token to create + properties: + name: + type: string + description: The name of the personal access token (PAT) to be created. Cannot be the same as another PAT owned by the user for whom this PAT is being created. + example: NodeJS Integration + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: 'Scopes of the personal access token. If no scope is specified, the token will be created with the default scope "sp:scopes:all". This means the personal access token will have all the rights of the owner who created it.' + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + required: + - name + responses: + '200': + description: Created. Note - this is the only time Personal Access Tokens' secret attribute will be displayed. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the personal access token (to be used as the username for Basic Auth). + example: 86f1dc6fe8f54414950454cbb11278fa + secret: + type: string + description: The secret of the personal access token (to be used as the password for Basic Auth). + example: 1d1bef2b9f426383447f64f69349fc7cac176042578d205c256ba3f37c59adb9 + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the personal access token. + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + name: + type: string + description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. + example: NodeJS Integration + owner: + description: Details about the owner of the personal access token. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was created.' + example: '2017-07-11T18:45:37.098Z' + required: + - id + - secret + - scope + - name + - owner + - created + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/personal-access-tokens/{id}': + patch: + operationId: patchPersonalAccessToken + security: + - oauth2: + - 'sp:my-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: Patch Personal Access Token + description: This performs a targeted update to the field(s) of a Personal Access Token. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Personal Access Token id + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + description: | + A list of OAuth client update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + The following fields are patchable: + * name + * scope + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + example: + - op: replace + path: /name + value: New name + - op: replace + path: /scope + value: + - 'sp:scopes:all' + responses: + '200': + description: 'Indicates the PATCH operation succeeded, and returns the PAT''s new representation.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The ID of the personal access token (to be used as the username for Basic Auth). + example: 86f1dc6fe8f54414950454cbb11278fa + name: + type: string + description: The name of the personal access token. Cannot be the same as other personal access tokens owned by a user. + example: NodeJS Integration + scope: + type: array + nullable: true + items: + type: string + default: 'sp:scopes:all' + description: Scopes of the personal access token. + example: + - 'demo:personal-access-token-scope:first' + - 'demo:personal-access-token-scope:second' + owner: + description: Details about the owner of the personal access token. + type: object + properties: + type: + description: DTO type + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + created: + type: string + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was created.' + example: '2017-07-11T18:45:37.098Z' + lastUsed: + type: string + nullable: true + format: date-time + description: 'The date and time, down to the millisecond, when this personal access token was last used to generate an access token. This timestamp does not get updated on every PAT usage, but only once a day. This property can be useful for identifying which PATs are no longer actively used and can be removed.' + example: '2017-07-11T18:45:37.098Z' + required: + - id + - name + - scope + - owner + - created + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deletePersonalAccessToken + security: + - oauth2: + - 'sp:my-personal-access-tokens:manage' + - 'sp:all-personal-access-tokens:manage' + tags: + - Personal Access Tokens + summary: Delete Personal Access Token + description: This deletes a personal access token. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The personal access token id + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '204': + description: No content. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /public-identities: + get: + operationId: getPublicIdentities + tags: + - Public Identities + summary: Get a list of public identities + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + required: false + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **alias**: *eq, sw* + + **email**: *eq, sw* + + **firstname**: *eq, sw* + + **lastname**: *eq, sw* + example: firstname eq "John" + - in: query + name: add-core-filters + description: |- + If *true*, only get identities which satisfy ALL the following criteria in addition to any criteria specified by *filters*: + - Should be either correlated or protected. + - Should not be "spadmin" or "cloudadmin". + - uid should not be null. + - lastname should not be null. + - email should not be null. + required: false + example: false + schema: + type: boolean + default: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + required: false + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + example: name + responses: + '200': + description: A list of public identity objects. + content: + application/json: + schema: + type: array + items: + type: object + title: Public Identity + description: Details about a public identity + properties: + id: + type: string + description: Identity id + example: 2c9180857182305e0171993735622948 + name: + type: string + description: Human-readable display name of identity. + example: Alison Ferguso + alias: + type: string + description: Alternate unique identifier for the identity. + example: alison.ferguso + email: + nullable: true + type: string + description: Email address of identity. + example: alison.ferguso@acme-solar.com + status: + nullable: true + type: string + description: The lifecycle status for the identity + example: Active + manager: + description: An identity reference to the manager of this identity + type: object + nullable: true + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + attributes: + type: array + description: The public identity attributes of the identity + items: + type: object + properties: + key: + type: string + description: The attribute key + example: country + name: + type: string + description: Human-readable display name of the attribute + example: Country + value: + type: string + description: The attribute value + example: US + example: + - id: 2c9180857182305e0171993735622948 + name: Alison Ferguso + alias: alison.ferguso + email: alison.ferguso@acme-solar.com + status: Active + manager: + type: IDENTITY + id: 2c9180a46faadee4016fb4e018c20639 + name: Thomas Edison + attributes: + - key: phone + name: Phone + value: '5125551234' + - key: country + name: Country + value: US + - id: 2c9180a46faadee4016fb4e018c20639 + name: Thomas Edison + alias: thomas.edison + email: thomas.edison@acme-solar.com + status: Active + manager: + type: IDENTITY + id: 2c918086676d3e0601677611dbde220f + name: Mister Manager + attributes: + - key: phone + name: Phone + value: '5125554321' + - key: country + name: Country + value: US + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /public-identities-config: + get: + operationId: getPublicIdentityConfig + tags: + - Public Identities Config + summary: Get the Public Identities Configuration + description: Returns the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API. + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org. + properties: + attributes: + type: array + description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org. + items: + type: object + description: Used to map an attribute key for an Identity to its display name. + properties: + key: + type: string + description: The attribute key + example: country + name: + type: string + description: The attribute display name + example: Country + modified: + nullable: true + type: string + description: When this configuration was last modified. + format: date-time + example: '2018-06-25T20:22:28.104Z' + modifiedBy: + description: The identity who last modified this configuration. + type: object + nullable: true + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: updatePublicIdentityConfig + tags: + - Public Identities Config + summary: Update the Public Identities Configuration + description: Updates the publicly visible attributes of an identity available to request approvers for Access Requests and Certification Campaigns. A token with ORG ADMIN authority is required to call this API. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org. + properties: + attributes: + type: array + description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org. + items: + type: object + description: Used to map an attribute key for an Identity to its display name. + properties: + key: + type: string + description: The attribute key + example: country + name: + type: string + description: The attribute display name + example: Country + modified: + nullable: true + type: string + description: When this configuration was last modified. + format: date-time + example: '2018-06-25T20:22:28.104Z' + modifiedBy: + description: The identity who last modified this configuration. + type: object + nullable: true + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + responses: + '200': + description: Request succeeded. + content: + application/json: + schema: + type: object + description: Details of up to 5 Identity attributes that will be publicly accessible for all Identities to anyone in the org. + properties: + attributes: + type: array + description: Up to 5 identity attributes that will be available to everyone in the org for all users in the org. + items: + type: object + description: Used to map an attribute key for an Identity to its display name. + properties: + key: + type: string + description: The attribute key + example: country + name: + type: string + description: The attribute display name + example: Country + modified: + nullable: true + type: string + description: When this configuration was last modified. + format: date-time + example: '2018-06-25T20:22:28.104Z' + modifiedBy: + description: The identity who last modified this configuration. + type: object + nullable: true + properties: + type: + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: Human-readable display name of identity. + example: Thomas Edison + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /requestable-objects: + get: + operationId: listRequestableObjects + tags: + - Requestable Objects + summary: Requestable Objects List + description: |- + This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using *identity-id* query param. + Any authenticated token can call this endpoint to see their requestable access items. A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity. + parameters: + - in: query + name: identity-id + required: false + schema: + type: string + example: e7eab60924f64aa284175b9fa3309599 + description: |- + If present, the value returns only requestable objects for the specified identity. + * Admin users can call this with any identity ID value. + * Non-admin users can only specify *me* or pass their own identity ID value. + * If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result. + - in: query + name: types + description: 'Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.' + required: false + schema: + type: array + items: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + example: 'ROLE,ACCESS_PROFILE' + explode: false + - in: query + name: term + required: false + schema: + type: string + example: Finance Role + description: 'It allows searching requestable access items with a partial match on the name or description. If term is provided, then the *filter* query parameter will be ignored.' + - in: query + name: statuses + description: 'Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an *identity-id* parameter. Additional statuses may be added in the future without notice.' + required: false + schema: + type: array + items: + type: string + enum: + - AVAILABLE + - PENDING + - ASSIGNED + description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.' + example: AVAILABLE + explode: false + example: + - ASSIGNED + - PENDING + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + example: name sw "bob" + description: | + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq, in, sw* + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + required: false + example: name + description: | + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + responses: + '200': + description: List of requestable objects + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: Id of the requestable object itself + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Human-readable display name of the requestable object + example: Applied Research Access + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: The time when the requestable object was created + modified: + nullable: true + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: The time when the requestable object was last modified + description: + type: string + description: Description of the requestable object. + example: 'Access to research information, lab results, and schematics.' + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + requestStatus: + type: string + enum: + - AVAILABLE + - PENDING + - ASSIGNED + description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.' + example: AVAILABLE + identityRequestId: + type: string + description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.' + nullable: true + example: null + ownerRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + requestCommentsRequired: + type: boolean + description: Whether the requester must provide comments when requesting the object. + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /roles: + get: + operationId: listRoles + tags: + - Roles + summary: List Roles + description: |- + This API returns a list of Roles. + + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: for-subadmin + schema: + type: string + description: 'If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**, which is shorthand for the calling Identity''s ID. A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not a subadmin.' + example: 5168015d32f890ca15812c9180835d2e + required: false + - in: query + name: limit + description: |- + Note that for this API the maximum value for limit is 50. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 50 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 50 + default: 50 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) Filtering is supported for the following fields and operators: + **id**: *eq, in* **name**: *eq, sw* **created, modified**: *gt, lt, ge, le* **owner.id**: *eq, in* **requestable**: *eq* + example: requestable eq false + required: false + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: 'Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) Sorting is supported for the following fields: **name, created, modified**' + example: 'name,-modified' + required: false + - in: query + name: for-segment-ids + schema: + type: string + format: comma-separated + description: |- + If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs. + + If segmentation is currently unavailable, specifying this parameter results in an error. + example: '0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d' + required: false + - in: query + name: include-unsegmented + schema: + type: boolean + default: true + description: 'Whether or not the response list should contain unsegmented Roles. If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.' + example: false + required: false + responses: + '200': + description: List of Roles + content: + application/json: + schema: + type: array + items: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role:read' + - 'idn:role-checked:read' + post: + operationId: createRole + tags: + - Roles + summary: Create a Role + description: |- + This API creates a Role. + There is a soft limit of 800 roles per org in IdentityNow. You will receive an error if you attempt to add more than 800 roles via the API or the UI. If you need to add roles above this limit, please create a support ticket. + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a ROLE_SUBADMIN may not create a Role including an Access Profile if that Access Profile is associated with a Source with which the ROLE_SUBADMIN is not themselves associated. + The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters. + requestBody: + required: true + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + responses: + '201': + description: Role created + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role:create' + - 'idn:role-checked:create' + '/roles/{id}': + get: + operationId: getRole + tags: + - Roles + summary: Get a Role + description: |- + This API returns a Role by its ID. + + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. + parameters: + - in: path + name: id + required: true + schema: + type: string + description: ID of the Role + example: 2c91808a7813090a017814121e121518 + responses: + '200': + description: List of all Roles + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role:read' + - 'idn:role-checked:read' + patch: + operationId: patchRole + tags: + - Roles + summary: Patch a specified Role + description: |- + This API updates an existing Role using [JSON Patch](https://tools.ietf.org/html/rfc6902) syntax. + + The following fields are patchable: **name**, **description**, **enabled**, **owner**, **accessProfiles**, **membership**, **requestable**, **accessRequestConfig**, **revokeRequestConfig**, **segments** + A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API. In addition, a token with ROLE_SUBADMIN authority may only call this API if all Access Profiles included in the Role are associated to Sources with management workgroups of which the ROLE_SUBADMIN is a member. + The maximum supported length for the description field is 2000 characters. Longer descriptions will be preserved for existing roles, however, any new roles as well as any updates to existing descriptions will be limited to 2000 characters. + parameters: + - name: id + in: path + description: ID of the Role to patch + required: true + schema: + type: string + example: 2c91808a7813090a017814121e121518 + requestBody: + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Make a Role Requestable and Enable it in One Call: + description: This example shows how multiple fields may be updated with a single patch call. + value: + - op: replace + path: /requestable + value: true + - op: replace + path: /enabled + value: true + Assign a Role to a Segment: + description: This example illustrates the use of patch to assign a Role to a Segment by adding the Segment's ID to the Role's segments array. + value: + - op: add + path: /segments/- + value: f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + Set the Membership Selection Criteria to a List of Identities: + description: 'This example shows how to define a Role''s membershp by providing a list of Identities, referenced by their IDs.' + value: + - op: replace + path: /membership + value: + type: IDENTITY_LIST + identities: + - id: 2c91808973fe906c0174262092014ed9 + - id: 2c918086262092014ed94fb8a47612f3 + Set the Membership Selection Criteria to a Standard Expression: + description: 'This example shows how to define a Role''s membership using STANDARD criteria. In this case, the Role will be granted to all Identities which have the *Engineering* attribute from the indicated Source.' + value: + - op: replace + path: /membership + value: + type: STANDARD + criteria: + operation: OR + children: + - operation: EQUALS + key: + type: ENTITLEMENT + property: attribute.memberOf + sourceId: 2c9180887701fb2014213e122092014e + stringValue: Engineering + Add a New Clause as the Child of an Existing Standard Expression: + description: This example shows how to add a child clause to an existing STANDARD criteria expression. + value: + - op: add + path: /membership/criteria/children/- + value: + operation: ENDS_WITH + key: + type: IDENTITY + property: attribute.email + stringValue: '@identitynow.com' + required: true + responses: + '200': + description: Responds with the Role as updated. + content: + application/json: + schema: + type: object + description: A Role + properties: + id: + type: string + description: 'The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.' + example: 2c918086749d78830174a1a40e121518 + name: + type: string + description: The human-readable display name of the Role + maxLength: 128 + example: Role 2567 + created: + type: string + description: Date the Role was created + format: date-time + example: '2021-03-01T22:32:58.104Z' + readOnly: true + modified: + type: string + description: Date the Role was last modified. + format: date-time + example: '2021-03-02T20:22:28.104Z' + readOnly: true + description: + type: string + nullable: true + description: A human-readable description of the Role + example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor. + owner: + type: object + description: The owner of this object. + properties: + type: + description: 'Owner type. This field must be either left null or set to ''IDENTITY'' on input, otherwise a 400 Bad Request error will result.' + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + description: 'Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner''s display name, otherwise a 400 Bad Request error will result.' + example: support + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the Access Profile + example: ff808081751e6e129f1518161919ecca + type: + type: string + description: 'Type of requested object. This field must be either left null or set to ''ACCESS_PROFILE'' when creating an Access Profile, otherwise a 400 Bad Request error will result.' + enum: + - ACCESS_PROFILE + example: ACCESS_PROFILE + name: + type: string + description: Human-readable display name of the Access Profile. This field is ignored on input. + example: Access Profile 2567 + nullable: true + membership: + nullable: true + type: object + description: 'When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.' + properties: + type: + type: string + enum: + - STANDARD + - IDENTITY_LIST + description: |- + This enum characterizes the type of a Role's membership selector. Only the following two are fully supported: + + STANDARD: Indicates that Role membership is defined in terms of a criteria expression + + IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed + example: IDENTITY_LIST + criteria: + nullable: true + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + nullable: true + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + nullable: true + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + children: + type: array + items: + type: object + description: Defines STANDARD type Role membership + properties: + operation: + type: string + enum: + - EQUALS + - NOT_EQUALS + - CONTAINS + - STARTS_WITH + - ENDS_WITH + - AND + - OR + description: An operation + example: EQUALS + key: + type: object + nullable: true + description: 'Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria' + properties: + type: + type: string + enum: + - IDENTITY + - ACCOUNT + - ENTITLEMENT + description: 'Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.' + example: ACCOUNT + property: + type: string + description: The name of the attribute or entitlement to which the associated criteria applies. + example: attribute.email + sourceId: + type: string + nullable: true + description: ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT + example: 2c9180867427f3a301745aec18211519 + required: + - type + - property + stringValue: + type: string + description: 'String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.' + example: carlee.cert1c9f9b6fd@mailinator.com + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + nullable: true + description: 'Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.' + identities: + type: array + items: + type: object + description: A reference to an Identity in an IDENTITY_LIST role membership criteria. + properties: + type: + nullable: true + example: IDENTITY + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + id: + type: string + description: Identity id + example: 2c9180a46faadee4016fb4e018c20639 + name: + type: string + nullable: true + description: Human-readable display name of the Identity. + example: Thomas Edison + aliasName: + type: string + nullable: true + description: User name of the Identity + example: t.edison + nullable: true + description: 'Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.' + legacyMembershipInfo: + type: object + nullable: true + description: 'This field is not directly modifiable and is generally expected to be *null*. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.' + example: + type: IDENTITY_LIST + additionalProperties: true + enabled: + type: boolean + description: Whether the Role is enabled or not. This field is false by default. + example: true + requestable: + type: boolean + description: Whether the Role can be the target of Access Requests. This field is false by default. + example: true + accessRequestConfig: + nullable: true + description: Access request configuration for this object + type: object + properties: + commentsRequired: + type: boolean + description: Whether the requester of the containing object must provide comments justifying the request + example: true + denialCommentsRequired: + type: boolean + description: Whether an approver must provide comments when denying the request + example: true + approvalSchemes: + type: array + description: List describing the steps in approving the request + items: + type: object + properties: + approverType: + type: string + enum: + - OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + + **OWNER**: Owner of the associated Role + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + revocationRequestConfig: + nullable: true + description: Revocation request configuration for this object. + type: object + properties: + approvalSchemes: + type: array + description: List describing the steps in approving the revocation request + items: + type: object + properties: + approverType: + type: string + enum: + - APP_OWNER + - OWNER + - SOURCE_OWNER + - MANAGER + - GOVERNANCE_GROUP + description: |- + Describes the individual or group that is responsible for an approval step. Values are as follows. + **APP_OWNER**: The owner of the Application + + **OWNER**: Owner of the associated Access Profile or Role + + **SOURCE_OWNER**: Owner of the Source associated with an Access Profile + + **MANAGER**: Manager of the Identity making the request + + **GOVERNANCE_GROUP**: A Governance Group, the ID of which is specified by the **approverId** field + example: GOVERNANCE_GROUP + approverId: + type: string + nullable: true + description: 'Id of the specific approver, used only when approverType is GOVERNANCE_GROUP' + example: 46c79819-a69f-49a2-becb-12c971ae66c6 + segments: + type: array + items: + type: string + nullable: true + description: 'List of IDs of segments, if any, to which this Role is assigned.' + example: + - f7b1b8a3-5fed-4fd4-ad29-82014e137e19 + - 29cb6c06-1da8-43ea-8be4-b3125f248f2a + required: + - name + - owner + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role:update' + - 'idn:role-checked:update' + '/roles/{id}/assigned-identities': + get: + operationId: getRoleAssignedIdentities + tags: + - Roles + summary: List Identities assigned a Role + parameters: + - in: path + name: id + schema: + type: string + description: ID of the Role for which the assigned Identities are to be listed + example: 2c91808a7813090a017814121e121518 + required: true + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **aliasName**: *eq, sw* + + **email**: *eq, sw* + + **name**: *eq, sw, co* + example: name sw Joe + - in: query + name: sorters + schema: + type: string + format: comma-separated + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **id**, **name**, **aliasName**, **email** + example: 'aliasName,name' + responses: + '200': + description: List of Identities assigned the Role + content: + application/json: + schema: + type: array + items: + type: object + description: A subset of the fields of an Identity which is a member of a Role. + properties: + id: + type: string + description: The ID of the Identity + example: 2c9180a46faadee4016fb4e018c20639 + aliasName: + type: string + description: The alias / username of the Identity + example: t.edison + name: + type: string + description: The human-readable display name of the Identity + example: Thomas Edison + email: + type: string + description: Email address of the Identity + example: t.edison@identitynow.com + roleAssignmentSource: + type: string + enum: + - ACCESS_REQUEST + - ROLE_MEMBERSHIP + description: Type which indicates how a particular Identity obtained a particular Role + example: ACCESS_REQUEST + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:role:read' + - 'idn:role-checked:read' + /saved-searches: + post: + tags: + - Saved Search + description: | + Creates a new saved search. + summary: Create a saved search + operationId: createSavedSearch + requestBody: + description: The saved search to persist. + content: + application/json: + schema: + allOf: + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + required: true + responses: + '201': + description: The persisted saved search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + get: + tags: + - Saved Search + description: | + Returns a list of saved searches. + summary: Return a list of Saved Searches + operationId: listSavedSearches + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - name: filters + in: query + schema: + type: string + description: | + An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results). + + Allowed filter properties: *owner.id*, *public* + + Allowed filter operator: *eq* + + **Example filters**: + + ```owner.id eq "0de46054-fe90-434a-b84e-c6b3359d0c64"``` -- returns saved searches for the specified owner ID + + ```public eq true``` -- returns all public saved searches + + ```owner.id eq me or public eq true``` -- returns all of the current user's saved searches as well as all public saved searches belonging to other users in the current org + example: public eq true + responses: + '200': + description: The list of requested saved searches. + content: + application/json: + schema: + type: array + items: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + headers: + X-Total-Count: + description: The total result count (returned only if the *count* parameter is specified as *true*). + schema: + type: integer + example: 5 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '/saved-searches/{id}': + put: + tags: + - Saved Search + description: | + Updates an existing saved search. + summary: | + Updates an existing saved search + operationId: updateSavedSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + requestBody: + description: The saved search to persist. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + required: true + responses: + '200': + description: The persisted saved search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + get: + tags: + - Saved Search + description: | + Returns the specified saved search. + summary: Return a saved search by ID + operationId: getSavedSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + responses: + '200': + description: The requested saved search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + delete: + tags: + - Saved Search + description: | + Deletes the specified saved search. + summary: Delete a document by ID + operationId: deleteSavedSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + responses: + '204': + description: No Content - Indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '/saved-searches/{id}/execute': + post: + tags: + - Saved Search + description: | + Executes the specified saved search. + summary: Execute a saved search by ID + operationId: executeSavedSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + requestBody: + description: | + When saved search execution is triggered by a scheduled search, *scheduleId* will specify the ID of the triggering scheduled search. + + If *scheduleId* is not specified (when execution is triggered by a UI test), the *owner* and *recipients* arguments must be provided. + content: + application/json: + schema: + type: object + properties: + scheduleId: + description: | + The ID of the scheduled search that triggered the saved search execution. + type: string + example: 7a724640-0c17-4ce9-a8c3-4a89738459c8 + owner: + description: | + The owner of the scheduled search being tested. + allOf: + - type: object + description: | + A typed reference to the object. + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + recipients: + description: | + The email recipients of the scheduled search being tested. + type: array + items: + type: object + description: | + A typed reference to the object. + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + examples: + scheduled: + summary: Triggered by Scheduled Search + value: + scheduleId: 7a724640-0c17-4ce9-a8c3-4a89738459c8 + test: + summary: Triggered by UI Test + value: + owner: + type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + recipients: + - type: IDENTITY + id: 2c91808568c529c60168cca6f90c1313 + required: true + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /scheduled-searches: + post: + tags: + - Scheduled Search + description: | + Creates a new scheduled search. + summary: Create a new scheduled search + operationId: createScheduledSearch + requestBody: + description: The scheduled search to persist. + content: + application/json: + schema: + allOf: + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + examples: + Daily Search: + description: A search that executes each day at a 9 AM + value: + savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad + schedule: + type: DAILY + hours: + type: LIST + values: + - '9' + recipients: + - type: IDENTITY + id: 2c9180867624cbd7017642d8c8c81f67 + Weekly Search: + description: A search that executes each week on select days and times + value: + savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad + schedule: + type: WEEKLY + days: + type: LIST + values: + - MON + - TUE + - WED + - THU + - FRI + - SAT + - SUN + hours: + type: LIST + values: + - '9' + recipients: + - type: IDENTITY + id: 2c9180867624cbd7017642d8c8c81f67 + Monthly Search: + description: A search that executes each month on select days and times + value: + savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad + schedule: + type: MONTHLY + days: + type: LIST + values: + - '1' + - '7' + - '14' + - L + hours: + type: LIST + values: + - '9' + recipients: + - type: IDENTITY + id: 2c9180867624cbd7017642d8c8c81f67 + Calendar Search: + description: A search that executes on specific calendar days + value: + savedSearchId: 9c620e13-cd33-4804-a13d-403bd7bcdbad + schedule: + type: CALENDAR + days: + type: LIST + values: + - '2023-01-22' + - '2023-02-22' + hours: + type: LIST + values: + - '9' + recipients: + - type: IDENTITY + id: 2c9180867624cbd7017642d8c8c81f67 + required: true + responses: + '201': + description: The persisted scheduled search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + tags: + - Scheduled Search + description: | + Returns a list of scheduled searches. + summary: List scheduled searches + operationId: listScheduledSearch + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - name: filters + in: query + schema: + type: string + description: | + An expression used to constrain the result set using the filtering syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results). + + Allowed filter properties: *owner.id*, *savedSearchId* + + Allowed filter operator: *eq* + + **Example filters**: + + ```owner.id eq "0de46054-fe90-434a-b84e-c6b3359d0c64"``` -- returns scheduled searches for the specified owner ID + + ```savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e"``` -- returns scheduled searches that reference the specified saved search + + ```owner.id eq me or savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e"``` -- returns all of the current user's scheduled searches as well as all scheduled searches that reference the specified saved search + example: savedSearchId eq "6cc0945d-9eeb-4948-9033-72d066e1153e" + responses: + '200': + description: The list of requested scheduled searches. + content: + application/json: + schema: + type: array + items: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + headers: + X-Total-Count: + description: The total result count (returned only if the *count* parameter is specified as *true*). + schema: + type: integer + example: 5 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/scheduled-searches/{id}': + put: + tags: + - Scheduled Search + description: | + Updates an existing scheduled search. + summary: Update an existing Scheduled Search + operationId: updateScheduledSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + requestBody: + description: The scheduled search to persist. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + required: true + responses: + '200': + description: The persisted scheduled search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + get: + tags: + - Scheduled Search + description: Returns the specified scheduled search. + summary: Get a Scheduled Search + operationId: getScheduledSearch + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + responses: + '200': + description: The requested scheduled search. + content: + application/json: + schema: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + tags: + - Scheduled Search + description: | + Deletes the specified scheduled search. + operationId: deleteScheduledSearch + summary: Delete a Scheduled Search + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + responses: + '204': + description: No Content - Indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/scheduled-searches/{id}/unsubscribe': + post: + tags: + - Scheduled Search + description: | + Unsubscribes a recipient from the specified scheduled search. + operationId: unsubscribeScheduledSearch + summary: Unsubscribe a recipient from Scheduled Search + parameters: + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + requestBody: + description: | + The recipient to be removed from the scheduled search. + content: + application/json: + schema: + type: object + description: | + A typed reference to the object. + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + required: true + responses: + '204': + description: No Content - Indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + /search: + post: + tags: + - Search + description: 'Performs a search with the provided query and returns a matching result collection. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. ' + externalDocs: + description: Learn more about search. + url: 'https://documentation.sailpoint.com/saas/help/search/index.html' + operationId: searchPost + summary: Perform Search + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + requestBody: + content: + application/json: + schema: + type: object + properties: + indices: + description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.' + externalDocs: + description: Learn more about search indices here. + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html' + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + queryType: + description: |- + The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body. + To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly. + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + - TYPEAHEAD + default: SAILPOINT + example: SAILPOINT + queryVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the query object. + This version number will map to the version of Elasticsearch for the query strings and objects being used. + query: + type: object + description: Query parameters used to construct an Elasticsearch query object. + properties: + query: + description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'name:a*' + fields: + description: The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields. + type: array + items: + type: string + example: + - name + timeZone: + description: The time zone to be applied to any range query related to dates. + type: string + example: America/Chicago + innerHit: + description: The innerHit query object returns a flattened list of results for the specified nested type. + type: object + required: + - query + - type + properties: + query: + description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'source.name:\"Active Directory\"' + type: + description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.' + type: string + example: access + queryDsl: + description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.' + type: object + example: + match: + name: john.doe + typeAheadQuery: + type: object + description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." ' + required: + - query + - field + properties: + query: + description: The type ahead query string used to construct a phrase prefix match query. + type: string + example: Work + field: + description: The field on which to perform the type ahead search. + type: string + example: source.name + nestedType: + description: The nested type. + type: string + example: access + maxExpansions: + description: |- + The number of suffixes the last term will be expanded into. + Influences the performance of the query and the number results returned. + Valid values: 1 to 1000. + type: integer + format: int32 + minimum: 1 + maximum: 1000 + default: 10 + example: 10 + includeNested: + description: Indicates whether nested objects from returned search results should be included. + type: boolean + default: true + example: true + queryResultFilter: + type: object + description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents. + properties: + includes: + description: The list of field names to include in the result documents. + type: array + items: + type: string + example: + - name + - displayName + excludes: + description: The list of field names to exclude from the result documents. + type: array + items: + type: string + example: + - stacktrace + aggregationType: + description: | + Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results. + + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + default: DSL + example: DSL + aggregationsVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the language being used for aggregation queries. + This version number will map to the version of Elasticsearch for the aggregation query object. + aggregationsDsl: + description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.' + type: object + example: {} + aggregations: + description: | + The aggregation’s specifications, such as the groupings and calculations to be performed. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + sort: + description: The fields to be used to sort the search results. Use + or - to specify the sort direction. + type: array + items: + type: string + example: + - displayName + - +id + searchAfter: + description: |- + Used to begin the search window at the values specified. + This parameter consists of the last values of the sorted fields in the current record set. + This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. + It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. + For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. + If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. + The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"] + type: array + items: + type: string + example: + - John Doe + - 2c91808375d8e80a0175e1f88a575221 + filters: + description: The filters to be applied for each filtered field name. + type: object + additionalProperties: + type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + example: {} + examples: + query-fields: + summary: Query with Fields + value: + indices: + - identities + query: + query: '"John Doe"' + fields: + - name + query-timeZone: + summary: Query with TimeZone + value: + indices: + - identities + query: + query: 'created: [2022-05-19T19:26:03.351Z TO now]' + timeZone: America/Los_Angeles + query-innerHit: + summary: Query with InnerHit + value: + indices: + - identities + query: + query: '"John Doe"' + innerHit: + type: access + query: 'source.name:\"Active Directory\"' + typeAheadQuery: + summary: TypeAheadQuery + value: + indices: + - identities + queryType: TYPEAHEAD + typeAheadQuery: + field: name + query: Jo + maxExpansions: 50 + typeAheadQuery-nestedType: + summary: TypeAheadQuery with NestedType + value: + indices: + - identities + queryType: TYPEAHEAD + typeAheadQuery: + field: source.name + nestedType: access + query: Work + maxExpansions: 50 + filter-exists: + summary: Filter with Exists + value: + indices: + - identities + query: + query: 'attributes.city:London' + filters: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + filter-range: + summary: Filter with Range + value: + indices: + - identities + query: + query: 'attributes.city:London' + timeZone: Europe/London + filters: + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + filter-terms: + summary: Filter with Terms + value: + indices: + - identities + query: + query: 'attributes.city:London' + filters: + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + required: true + responses: + '200': + description: List of matching documents. + content: + application/json: + schema: + type: array + items: + discriminator: + propertyName: _type + mapping: + accessprofile: ../model/access/profile/AccessProfileDocument.yaml + accountactivity: ../model/account/activity/AccountActivityDocument.yaml + account: ../model/account/AccountDocument.yaml + aggregation: ../model/aggregation/AggregationDocument.yaml + entitlement: ../model/entitlement/EntitlementDocument.yaml + event: ../model/event/EventDocument.yaml + identity: ../model/identity/IdentityDocument.yaml + role: ../model/role/RoleDocument.yaml + oneOf: + - description: 'This is more of a complete representation of an access profile. ' + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + entitlementCount: + type: integer + example: 5 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: AccountActivity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + action: + type: string + description: The type of action that this activity performed + externalDocs: + description: Learn more about account activity action types + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data' + example: Identity Refresh. + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + description: The current stage of the activity + example: Completed + origin: + type: string + nullable: true + example: null + status: + type: string + description: the current status of the activity + example: Complete + requester: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + recipient: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + trackingNumber: + type: string + example: 61aad0c9e8134eca89e76a35e0cabe3f + errors: + type: array + items: + type: string + nullable: true + example: null + warnings: + type: array + items: + type: string + nullable: true + example: null + approvals: + type: array + items: + type: object + properties: + comments: + type: array + items: + type: object + properties: + comment: + type: string + description: The comment text + example: This request was autoapproved by our automated ETS subscriber. + commenter: + type: string + description: The name of the commenter + example: Automated AR Approval + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: string + description: The result of the approval + example: Finished + type: + type: string + nullable: true + example: null + originalRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: the account id + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + description: the operation that was used + example: add + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + expansionItems: + type: array + items: + type: object + properties: + accountId: + type: string + description: The ID of the account + example: 2c91808981f58ea601821c3e93482e6f + cause: + type: string + example: Role + name: + type: string + description: The name of the item + example: smartsheet-role + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + accountRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: Unique ID of the account + example: John.Doe + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + example: Modify + description: The operation that was performed + provisioningTarget: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: object + properties: + errors: + type: array + items: + type: string + example: |- + [ConnectorError] [ + { + "code": "unrecognized_keys", + "keys": [ + "groups" + ], + "path": [], + "message": "Unrecognized key(s) in object: 'groups'" + } + ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) + status: + type: string + description: The status of the account request + example: failed + ticketId: + type: string + nullable: true + example: null + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + sources: + type: string + example: 'smartsheet-test, airtable-v4, IdentityNow' + - description: Account + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + firstName: John + lastName: Doe + displayName: John.Doe + identity: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + access: + type: array + items: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + entitlementCount: + type: integer + description: The number of entitlements assigned to the account + format: int32 + example: 2 + uncorrelated: + type: boolean + description: Indicates if the account is not correlated to an identity + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Aggregation + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + status: + type: string + example: Success + duration: + type: integer + format: int32 + example: 20 + avgDuration: + type: integer + format: int32 + example: 20 + changedAccounts: + type: integer + format: int32 + example: 1 + nextScheduled: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + startTime: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + sourceOwner: + type: string + description: John Doe + - description: Entitlement + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + displayName: + type: string + description: The display name of the entitlement + example: Admin + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + identityCount: + type: integer + format: int32 + example: 3 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Event + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + action: + type: string + description: The action that was performed + example: update + type: + type: string + description: The type of event + example: SYSTEM_CONFIG + actor: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + target: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + stack: + type: string + example: tpe + trackingNumber: + type: string + example: 63f891e0735f4cc8bf1968144a1e7440 + ipAddress: + type: string + example: 52.52.97.85 + details: + type: string + example: 73b65dfbed1842548c207432a18c84b0 + attributes: + type: object + additionalProperties: true + example: + pod: stg03-useast1 + org: acme + sourceName: SailPoint + objects: + type: array + items: + type: string + example: AUTHENTICATION + operation: + type: string + example: REQUEST + status: + type: string + example: PASSED + technicalName: + type: string + example: AUTHENTICATION_REQUEST_PASSED + - description: Identity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + firstName: + type: string + description: The first name of the identity + example: Carol + lastName: + type: string + description: The last name of the identity + example: Adams + displayName: + type: string + example: Carol.Adams + description: The display name of the identity + email: + type: string + description: The identity's primary email address + example: Carol.Adams@sailpointdemo.com + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + phone: + type: string + description: The phone number of the identity + example: +1 440-527-3672 + inactive: + type: boolean + description: Indicates if the identity is inactive + example: false + protected: + type: boolean + example: false + status: + type: string + description: The identity's status in SailPoint + example: UNREGISTERED + employeeNumber: + type: string + example: 1a2a3d4e + manager: + nullable: true + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + isManager: + type: boolean + description: Indicates if this identity is a manager of other identities + example: false + identityProfile: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + country: US + firstname: Carol + cloudStatus: UNREGISTERED + processingState: + type: string + nullable: true + example: null + processingDetails: + nullable: true + type: object + properties: + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + example: In Process + retryCount: + type: integer + example: 0 + format: int32 + stackTrace: + type: string + example: + message: + type: string + example: + accounts: + type: array + description: List of accounts associated with the identity + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + accountCount: + type: integer + description: Number of accounts associated with the identity + format: int32 + example: 3 + apps: + type: array + description: The list of applications the identity has access to + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + account: + type: object + properties: + id: + type: string + description: The SailPoint generated unique ID + example: 2c9180837dfe6949017e21f3d8cd6d49 + accountId: + type: string + description: The account ID generated by the source + example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + appCount: + type: integer + format: int32 + description: The number of applications the identity has access to + example: 2 + access: + type: array + description: The list of access items assigned to the identity + items: + discriminator: + propertyName: type + mapping: + ACCESS_PROFILE: ../access/AccessProfileSummary.yaml + ENTITLEMENT: ../access/AccessProfileEntitlement.yaml + ROLE: ../access/AccessProfileRole.yaml + oneOf: + - description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + - description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + - description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + accessCount: + type: integer + format: int32 + description: The number of access items assigned to the identity + example: 5 + accessProfileCount: + type: integer + description: The number of access profiles assigned to the identity + example: 1 + entitlementCount: + type: integer + description: The number of entitlements assigned to the identity + example: 10 + roleCount: + type: integer + description: The number of roles assigned to the identity + example: 1 + owns: + type: object + properties: + sources: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + roles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + apps: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + governanceGroups: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + fallbackApprover: + type: boolean + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Role + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfileCount: + type: integer + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + examples: + accessProfiles: + summary: A collection of AccessProfiles + value: + - id: 2c9180825a6c1adc015a71c9023f0818 + name: Cloud Eng + _type: accessprofile + description: Cloud Eng + created: '2017-02-24T20:21:23.145Z' + modified: '2019-05-24T20:36:04.312Z' + synced: '2020-02-18T05:30:20.414Z' + enabled: true + requestable: true + requestCommentsRequired: false + owner: + id: ff8081815757d36a015757d42e56031e + name: SailPoint Support + type: IDENTITY + email: cloud-support@sailpoint.com + source: + id: ff8081815757d4fb0157588f3d9d008f + name: Employees + entitlements: + - id: 2c918084575812550157589064f33b89 + name: 'CN=Cloud Engineering,DC=sailpoint,DC=COM' + description: mull + attribute: memberOf + value: 'CN=Cloud Engineering,DC=sailpoint,DC=COM' + entitlementCount: 1 + tags: + - TAG_1 + - TAG_2 + entitlements: + summary: A collection of Entitlements + value: + - id: 2c9180946ed0c43d016eec1a80892fbd + name: entitlement.aa415ae7 + _type: entitlement + description: 'null' + attribute: groups + value: entitlement.aa415ae7 + modified: '2019-12-09T19:19:50.154Z' + synced: '2020-02-19T04:30:32.906Z' + displayName: entitlement.aa415ae7 + source: + id: 2c91808b6e9e6fb8016eec1a2b6f7b5f + name: ODS-HR-Employees + privileged: false + identityCount: 68 + tags: + - TAG_1 + - TAG_2 + events: + summary: A collection of Events + value: + - id: e092842f-c904-4b59-aac8-2544abeeef4b + name: Update Task Schedule Passed + _type: event + created: '2020-02-17T16:23:18.327Z' + synced: '2020-02-17T16:23:18.388Z' + action: TASK_SCHEDULE_UPDATE_PASSED + type: SYSTEM_CONFIG + actor: + name: MantisTaskScheduler + target: + name: Perform provisioning activity search delete synchronization + stack: tpe + trackingNumber: c6b98bc39ece48b080826d16c76b166c + ipAddress: 207.189.160.158 + details: 'null' + attributes: + sourceName: SailPoint + objects: + - TASK + - SCHEDULE + operation: UPDATE + status: PASSED + technicalName: TASK_SCHEDULE_UPDATE_PASSED + identities: + summary: A collection of Identities + value: + - id: 2c9180865c45e7e3015c46c434a80622 + name: ad.admin + _type: identity + firstName: AD + lastName: Admin + displayName: AD Admin + email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM + created: '2018-08-22T19:54:54.302Z' + modified: '2018-08-22T19:54:54.302Z' + synced: '2018-08-22T19:54:54.302Z' + phone: 512-942-7578 + inactive: false + protected: false + status: UNREGISTERED + employeeNumber: O349804 + manager: null + isManager: false + identityProfile: + id: 2c918085605c8d0601606f357cb231e6 + name: E2E AD + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + attributes: + uid: ad.admin + firstname: AD + cloudAuthoritativeSource: 2c9180855c45b230015c46c19b9c0202 + cloudStatus: UNREGISTERED + iplanet-am-user-alias-list: null + displayName: AD Admin + internalCloudStatus: UNREGISTERED + workPhone: 512-942-7578 + email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM + lastname: Admin + processingState: null + processingDetails: null + accounts: + - id: 2c9180865c45e7e3015c46c434a80623 + name: ad.admin + accountId: 'CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local' + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + type: Active Directory - Direct + disabled: false + locked: false + privileged: false + manuallyCorrelated: false + passwordLastSet: '2018-08-22T19:54:54.302Z' + entitlementAttributes: + memberOf: + - 'CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local' + - 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local' + created: '2018-08-22T19:54:54.302Z' + - id: 2c918083606d670c01606f35a30a0349 + name: ad.admin + accountId: ad.admin + source: + id: ff8081815c46b85b015c46b90c7c02a6 + name: IdentityNow + type: IdentityNowConnector + disabled: false + locked: false + privileged: false + manuallyCorrelated: false + passwordLastSet: null + entitlementAttributes: null + created: '2018-08-22T19:54:54.302Z' + accountCount: 2 + apps: + - id: '22751' + name: ADP Workforce Now + source: + id: 2c9180855c45b230015c46e2f6a8026a + name: Corporate Active Directory + account: + id: 2c9180865c45efa4015c470be0de1606 + accountId: 'CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + appCount: 1 + access: + - id: 2c918083634bc6cb01639808d40270ba + name: 'test [AccessProfile-1527264105448]' + displayName: test + type: ACCESS_PROFILE + description: test + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + owner: + id: 2c9180865c45e7e3015c46c434a80622 + name: ad.admin + displayName: AD Admin + - id: 2c9180865c45e7e3015c46c457c50755 + name: Administrators + displayName: Administrators + type: ENTITLEMENT + description: null + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + privileged: false + attribute: memberOf + value: 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local' + standalone: false + - id: 2c9180865decdaa5015e06598b293108 + name: 'test [cloudRole-1503345085223]' + displayName: test + type: ROLE + description: test + owner: + id: 2c9180865c45e7e3015c46c5030707a0 + name: will.albin + displayName: Albin Will + disabled: false + accessCount: 3 + accessProfileCount: 1 + entitlementCount: 1 + roleCount: 1 + tags: + - TAG_1 + - TAG_2 + roles: + summary: A collection of Roles + value: + - id: 2c91808c6faadea6016fb4f2bc69077b + name: IT Role + _type: role + description: IT role + created: '2020-01-17T19:20:15.040Z' + modified: null + synced: '2020-02-18T05:30:20.145Z' + enabled: true + requestable: false + requestCommentsRequired: false + owner: + id: 2c9180a46faadee4016fb4e018c20639 + name: Cloud Support + type: IDENTITY + email: thomas.edison@acme-solar.com + accessProfiles: + - id: 2c91809c6faade77016fb4f0b63407ae + name: Admin Access + accessProfileCount: 1 + tags: + - TAG_1 + - TAG_2 + headers: + X-Total-Count: + schema: + type: integer + description: The total result count (returned only if the *count* parameter is specified as *true*). + example: 30 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /search/count: + post: + tags: + - Search + description: Performs a search with a provided query and returns the count of results in the X-Total-Count header. + operationId: searchCount + summary: Count Documents Satisfying a Query + requestBody: + content: + application/json: + schema: + type: object + properties: + indices: + description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.' + externalDocs: + description: Learn more about search indices here. + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html' + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + queryType: + description: |- + The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body. + To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly. + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + - TYPEAHEAD + default: SAILPOINT + example: SAILPOINT + queryVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the query object. + This version number will map to the version of Elasticsearch for the query strings and objects being used. + query: + type: object + description: Query parameters used to construct an Elasticsearch query object. + properties: + query: + description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'name:a*' + fields: + description: The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields. + type: array + items: + type: string + example: + - name + timeZone: + description: The time zone to be applied to any range query related to dates. + type: string + example: America/Chicago + innerHit: + description: The innerHit query object returns a flattened list of results for the specified nested type. + type: object + required: + - query + - type + properties: + query: + description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'source.name:\"Active Directory\"' + type: + description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.' + type: string + example: access + queryDsl: + description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.' + type: object + example: + match: + name: john.doe + typeAheadQuery: + type: object + description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." ' + required: + - query + - field + properties: + query: + description: The type ahead query string used to construct a phrase prefix match query. + type: string + example: Work + field: + description: The field on which to perform the type ahead search. + type: string + example: source.name + nestedType: + description: The nested type. + type: string + example: access + maxExpansions: + description: |- + The number of suffixes the last term will be expanded into. + Influences the performance of the query and the number results returned. + Valid values: 1 to 1000. + type: integer + format: int32 + minimum: 1 + maximum: 1000 + default: 10 + example: 10 + includeNested: + description: Indicates whether nested objects from returned search results should be included. + type: boolean + default: true + example: true + queryResultFilter: + type: object + description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents. + properties: + includes: + description: The list of field names to include in the result documents. + type: array + items: + type: string + example: + - name + - displayName + excludes: + description: The list of field names to exclude from the result documents. + type: array + items: + type: string + example: + - stacktrace + aggregationType: + description: | + Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results. + + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + default: DSL + example: DSL + aggregationsVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the language being used for aggregation queries. + This version number will map to the version of Elasticsearch for the aggregation query object. + aggregationsDsl: + description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.' + type: object + example: {} + aggregations: + description: | + The aggregation’s specifications, such as the groupings and calculations to be performed. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + sort: + description: The fields to be used to sort the search results. Use + or - to specify the sort direction. + type: array + items: + type: string + example: + - displayName + - +id + searchAfter: + description: |- + Used to begin the search window at the values specified. + This parameter consists of the last values of the sorted fields in the current record set. + This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. + It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. + For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. + If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. + The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"] + type: array + items: + type: string + example: + - John Doe + - 2c91808375d8e80a0175e1f88a575221 + filters: + description: The filters to be applied for each filtered field name. + type: object + additionalProperties: + type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + example: {} + examples: + query-timeZone: + summary: Query with TimeZone + value: + indices: + - identities + query: + query: 'created: [2022-05-19T19:26:03.351Z TO now]' + timeZone: America/Los_Angeles + required: true + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + headers: + X-Total-Count: + description: The total result count. + schema: + type: integer + example: 5 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /search/aggregate: + post: + tags: + - Search + description: 'Performs a search query aggregation and returns the aggregation result. By default, you can page a maximum of 10,000 search result records. To page past 10,000 records, you can use searchAfter paging. Refer to [Paginating Search Queries](https://developer.sailpoint.com/idn/api/standard-collection-parameters#paginating-search-queries) for more information about how to implement searchAfter paging. ' + operationId: searchAggregate + summary: Perform a Search Query Aggregation + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + requestBody: + content: + application/json: + schema: + type: object + properties: + indices: + description: 'The names of the Elasticsearch indices in which to search. If none are provided, then all indices will be searched.' + externalDocs: + description: Learn more about search indices here. + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html' + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + queryType: + description: |- + The type of query to use. By default, the `SAILPOINT` query type is used, which requires the `query` object to be defined in the request body. + To use the `queryDsl` or `typeAheadQuery` objects in the request, you must set the type to `DSL` or `TYPEAHEAD` accordingly. + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + - TYPEAHEAD + default: SAILPOINT + example: SAILPOINT + queryVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the query object. + This version number will map to the version of Elasticsearch for the query strings and objects being used. + query: + type: object + description: Query parameters used to construct an Elasticsearch query object. + properties: + query: + description: 'The query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'name:a*' + fields: + description: The fields to which the specified query will be applied. The available fields are dependent on the indice(s) being searched on. Please refer to the response schema of this API for a list of available fields. + type: array + items: + type: string + example: + - name + timeZone: + description: The time zone to be applied to any range query related to dates. + type: string + example: America/Chicago + innerHit: + description: The innerHit query object returns a flattened list of results for the specified nested type. + type: object + required: + - query + - type + properties: + query: + description: 'The search query using the Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL extended by SailPoint to support Nested queries.' + type: string + example: 'source.name:\"Active Directory\"' + type: + description: 'The nested type to use in the inner hits query. The nested type [Nested Type](https://www.elastic.co/guide/en/elasticsearch/reference/current/nested.html) refers to a document "nested" within another document. For example, an identity can have nested documents for access, accounts, and apps.' + type: string + example: access + queryDsl: + description: 'The search query using the Elasticsearch [Query DSL](https://www.elastic.co/guide/en/elasticsearch/reference/7.10/query-dsl.html) syntax.' + type: object + example: + match: + name: john.doe + typeAheadQuery: + type: object + description: 'Query parameters used to construct an Elasticsearch type ahead query object. The typeAheadQuery performs a search for top values beginning with the typed values. For example, typing "Jo" results in top hits matching "Jo." Typing "Job" results in top hits matching "Job." ' + required: + - query + - field + properties: + query: + description: The type ahead query string used to construct a phrase prefix match query. + type: string + example: Work + field: + description: The field on which to perform the type ahead search. + type: string + example: source.name + nestedType: + description: The nested type. + type: string + example: access + maxExpansions: + description: |- + The number of suffixes the last term will be expanded into. + Influences the performance of the query and the number results returned. + Valid values: 1 to 1000. + type: integer + format: int32 + minimum: 1 + maximum: 1000 + default: 10 + example: 10 + includeNested: + description: Indicates whether nested objects from returned search results should be included. + type: boolean + default: true + example: true + queryResultFilter: + type: object + description: Allows the query results to be filtered by specifying a list of fields to include and/or exclude from the result documents. + properties: + includes: + description: The list of field names to include in the result documents. + type: array + items: + type: string + example: + - name + - displayName + excludes: + description: The list of field names to exclude from the result documents. + type: array + items: + type: string + example: + - stacktrace + aggregationType: + description: | + Enum representing the currently available query languages for aggregations, which are used to perform calculations or groupings on search results. + + Additional values may be added in the future without notice. + type: string + enum: + - DSL + - SAILPOINT + default: DSL + example: DSL + aggregationsVersion: + allOf: + - description: The current Elasticserver version. + type: string + default: '5.2' + example: '5.2' + - type: string + description: |- + The version of the language being used for aggregation queries. + This version number will map to the version of Elasticsearch for the aggregation query object. + aggregationsDsl: + description: 'The aggregation search query using Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) syntax.' + type: object + example: {} + aggregations: + description: | + The aggregation’s specifications, such as the groupings and calculations to be performed. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + allOf: + - type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + - type: object + properties: + subAggregation: + description: Aggregation to be performed on the result of the parent bucket aggregation. + type: object + properties: + nested: + type: object + description: The nested aggregation object. + required: + - name + - type + properties: + name: + description: The name of the nested aggregate to be included in the result. + type: string + example: id + type: + description: The type of the nested object. + type: string + example: access + metric: + type: object + description: The calculation done on the results of the query + required: + - name + - field + properties: + name: + description: |- + The name of the metric aggregate to be included in the result. + If the metric aggregation is omitted, the resulting aggregation will be a count of the documents in the search results. + type: string + example: Access Name Count + type: + description: |- + Enum representing the currently supported metric aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - COUNT + - UNIQUE_COUNT + - AVG + - SUM + - MEDIAN + - MIN + - MAX + default: UNIQUE_COUNT + example: COUNT + field: + description: | + The field the calculation is performed on. + + Prefix the field name with '@' to reference a nested object. + type: string + example: '@access.name' + filter: + type: object + description: An additional filter to constrain the results of the search query. + required: + - name + - field + - value + properties: + name: + description: The name of the filter aggregate to be included in the result. + type: string + example: Entitlements + type: + description: |- + Enum representing the currently supported filter aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERM + default: TERM + example: TERM + field: + description: | + The search field to apply the filter to. + + Prefix the field name with '@' to reference a nested object. + type: string + example: access.type + value: + description: The value to filter on. + type: string + example: ENTITLEMENT + bucket: + type: object + description: The bucket to group the results of the aggregation query by. + required: + - name + - field + properties: + name: + description: The name of the bucket aggregate to be included in the result. + type: string + example: Identity Locations + type: + description: |- + Enum representing the currently supported bucket aggregation types. + Additional values may be added in the future without notice. + type: string + enum: + - TERMS + default: TERMS + example: TERMS + field: + description: |- + The field to bucket on. + Prefix the field name with '@' to reference a nested object. + type: string + example: attributes.city + size: + description: Maximum number of buckets to include. + type: integer + format: int32 + example: 100 + minDocCount: + description: Minimum number of documents a bucket should have. + type: integer + format: int32 + example: 2 + sort: + description: The fields to be used to sort the search results. Use + or - to specify the sort direction. + type: array + items: + type: string + example: + - displayName + - +id + searchAfter: + description: |- + Used to begin the search window at the values specified. + This parameter consists of the last values of the sorted fields in the current record set. + This is used to expand the Elasticsearch limit of 10K records by shifting the 10K window to begin at this value. + It is recommended that you always include the ID of the object in addition to any other fields on this parameter in order to ensure you don't get duplicate results while paging. + For example, when searching for identities, if you are sorting by displayName you will also want to include ID, for example ["displayName", "id"]. + If the last identity ID in the search result is 2c91808375d8e80a0175e1f88a575221 and the last displayName is "John Doe", then using that displayName and ID will start a new search after this identity. + The searchAfter value will look like ["John Doe","2c91808375d8e80a0175e1f88a575221"] + type: array + items: + type: string + example: + - John Doe + - 2c91808375d8e80a0175e1f88a575221 + filters: + description: The filters to be applied for each filtered field name. + type: object + additionalProperties: + type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + example: {} + examples: + metricAggregation: + summary: MetricAggregation + value: + indices: + - aggregations + aggregationType: SAILPOINT + aggregations: + metric: + name: How Many Locations + type: UNIQUE_COUNT + field: attributes.city + metricAggregation-dsl: + summary: MetricAggregation using DSL + value: + indices: + - aggregations + aggregationType: DSL + aggregationsDsl: + How Many Locations: + cardinality: + field: attributes.city.exact + bucketAggregation: + summary: BucketAggregation + value: + indices: + - aggregations + aggregationType: SAILPOINT + aggregations: + bucket: + name: Identity Locations + type: TERMS + field: attributes.city + bucketAggregation-dsl: + summary: BucketAggregation using DSL + value: + indices: + - aggregations + aggregationType: DSL + aggregationsDsl: + Identity Locations: + terms: + field: attributes.city.exact + nestedAggregation-bucketAggregation: + summary: NestedAggregation with BucketAggregation + value: + indices: + - aggregations + aggregationType: SAILPOINT + aggregations: + nested: + name: Access + field: access + type: TERMS + bucket: + name: Access Source Name + type: TERMS + field: access.source.name + nestedAggregation-bucketAggregation-dsl: + summary: NestedAggregation with BucketAggregation using DSL + value: + indices: + - aggregations + aggregationType: DSL + aggregationsDsl: + access: + nested: + path: access + aggs: + Access Source Name: + terms: + field: access.source.name.exact + nestedAggregation-filterAggregation-bucketAggregation: + summary: NestedAggregation with FilterAggregation and BucketAggregation + value: + indices: + - aggregations + aggregationType: SAILPOINT + aggregations: + nested: + name: Access + field: access + type: TERMS + filter: + name: Entitlements + field: access.type + value: ENTITLEMENT + bucket: + name: Access Name + type: TERMS + field: access.name + nestedAggregation-filterAggregation-bucketAggregation-dsl: + summary: NestedAggregation with FilterAggregation and BucketAggregation using DSL + value: + indices: + - aggregations + aggregationType: DSL + aggregationsDsl: + access: + nested: + path: access + aggs: + Entitlements: + filter: + term: + access.type: ENTITLEMENT + aggs: + Access Name: + terms: + field: access.name.exact + bucketAggregation-subAggregation: + summary: BucketAggregation with SubAggregation + value: + indices: + - aggregations + aggregationType: SAILPOINT + aggregations: + bucket: + name: Identity Department + type: TERMS + field: attributes.department + subAggregation: + bucket: + name: Identity Locations + type: TERMS + field: attributes.city + bucketAggregation-subAggregation-dsl: + summary: BucketAggregation with SubAggregation using DSL + value: + indices: + - aggregations + aggregationType: DSL + aggregationsDsl: + Identity Department: + terms: + field: attributes.department.exact + aggs: + Identity Locations: + terms: + field: attributes.city.exact + required: true + responses: + '200': + description: Aggregation results. + content: + application/json: + schema: + type: object + properties: + aggregations: + type: object + description: | + The document containing the results of the aggregation. This document is controlled by Elasticsearch and depends on the type of aggregation query that is run. + + See Elasticsearch [Aggregations](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/search-aggregations.html) documentation for information. + example: + Identity Locations: + buckets: + - key: Austin + doc_count: 109 + - key: London + doc_count: 64 + - key: San Jose + doc_count: 27 + - key: Brussels + doc_count: 26 + - key: Sao Paulo + doc_count: 24 + - key: Munich + doc_count: 23 + - key: Singapore + doc_count: 22 + - key: Tokyo + doc_count: 20 + - key: Taipei + doc_count: 16 + hits: + description: | + The results of the aggregation search query. + type: array + items: + discriminator: + propertyName: _type + mapping: + accessprofile: ../model/access/profile/AccessProfileDocument.yaml + accountactivity: ../model/account/activity/AccountActivityDocument.yaml + account: ../model/account/AccountDocument.yaml + aggregation: ../model/aggregation/AggregationDocument.yaml + entitlement: ../model/entitlement/EntitlementDocument.yaml + event: ../model/event/EventDocument.yaml + identity: ../model/identity/IdentityDocument.yaml + role: ../model/role/RoleDocument.yaml + oneOf: + - description: 'This is more of a complete representation of an access profile. ' + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + entitlementCount: + type: integer + example: 5 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: AccountActivity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + action: + type: string + description: The type of action that this activity performed + externalDocs: + description: Learn more about account activity action types + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data' + example: Identity Refresh. + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + description: The current stage of the activity + example: Completed + origin: + type: string + nullable: true + example: null + status: + type: string + description: the current status of the activity + example: Complete + requester: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + recipient: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + trackingNumber: + type: string + example: 61aad0c9e8134eca89e76a35e0cabe3f + errors: + type: array + items: + type: string + nullable: true + example: null + warnings: + type: array + items: + type: string + nullable: true + example: null + approvals: + type: array + items: + type: object + properties: + comments: + type: array + items: + type: object + properties: + comment: + type: string + description: The comment text + example: This request was autoapproved by our automated ETS subscriber. + commenter: + type: string + description: The name of the commenter + example: Automated AR Approval + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: string + description: The result of the approval + example: Finished + type: + type: string + nullable: true + example: null + originalRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: the account id + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + description: the operation that was used + example: add + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + expansionItems: + type: array + items: + type: object + properties: + accountId: + type: string + description: The ID of the account + example: 2c91808981f58ea601821c3e93482e6f + cause: + type: string + example: Role + name: + type: string + description: The name of the item + example: smartsheet-role + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + accountRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: Unique ID of the account + example: John.Doe + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + example: Modify + description: The operation that was performed + provisioningTarget: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: object + properties: + errors: + type: array + items: + type: string + example: |- + [ConnectorError] [ + { + "code": "unrecognized_keys", + "keys": [ + "groups" + ], + "path": [], + "message": "Unrecognized key(s) in object: 'groups'" + } + ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) + status: + type: string + description: The status of the account request + example: failed + ticketId: + type: string + nullable: true + example: null + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + sources: + type: string + example: 'smartsheet-test, airtable-v4, IdentityNow' + - description: Account + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + firstName: John + lastName: Doe + displayName: John.Doe + identity: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + access: + type: array + items: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + entitlementCount: + type: integer + description: The number of entitlements assigned to the account + format: int32 + example: 2 + uncorrelated: + type: boolean + description: Indicates if the account is not correlated to an identity + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Aggregation + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + status: + type: string + example: Success + duration: + type: integer + format: int32 + example: 20 + avgDuration: + type: integer + format: int32 + example: 20 + changedAccounts: + type: integer + format: int32 + example: 1 + nextScheduled: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + startTime: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + sourceOwner: + type: string + description: John Doe + - description: Entitlement + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + displayName: + type: string + description: The display name of the entitlement + example: Admin + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + identityCount: + type: integer + format: int32 + example: 3 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Event + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + action: + type: string + description: The action that was performed + example: update + type: + type: string + description: The type of event + example: SYSTEM_CONFIG + actor: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + target: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + stack: + type: string + example: tpe + trackingNumber: + type: string + example: 63f891e0735f4cc8bf1968144a1e7440 + ipAddress: + type: string + example: 52.52.97.85 + details: + type: string + example: 73b65dfbed1842548c207432a18c84b0 + attributes: + type: object + additionalProperties: true + example: + pod: stg03-useast1 + org: acme + sourceName: SailPoint + objects: + type: array + items: + type: string + example: AUTHENTICATION + operation: + type: string + example: REQUEST + status: + type: string + example: PASSED + technicalName: + type: string + example: AUTHENTICATION_REQUEST_PASSED + - description: Identity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + firstName: + type: string + description: The first name of the identity + example: Carol + lastName: + type: string + description: The last name of the identity + example: Adams + displayName: + type: string + example: Carol.Adams + description: The display name of the identity + email: + type: string + description: The identity's primary email address + example: Carol.Adams@sailpointdemo.com + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + phone: + type: string + description: The phone number of the identity + example: +1 440-527-3672 + inactive: + type: boolean + description: Indicates if the identity is inactive + example: false + protected: + type: boolean + example: false + status: + type: string + description: The identity's status in SailPoint + example: UNREGISTERED + employeeNumber: + type: string + example: 1a2a3d4e + manager: + nullable: true + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + isManager: + type: boolean + description: Indicates if this identity is a manager of other identities + example: false + identityProfile: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + country: US + firstname: Carol + cloudStatus: UNREGISTERED + processingState: + type: string + nullable: true + example: null + processingDetails: + nullable: true + type: object + properties: + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + example: In Process + retryCount: + type: integer + example: 0 + format: int32 + stackTrace: + type: string + example: + message: + type: string + example: + accounts: + type: array + description: List of accounts associated with the identity + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + accountCount: + type: integer + description: Number of accounts associated with the identity + format: int32 + example: 3 + apps: + type: array + description: The list of applications the identity has access to + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + account: + type: object + properties: + id: + type: string + description: The SailPoint generated unique ID + example: 2c9180837dfe6949017e21f3d8cd6d49 + accountId: + type: string + description: The account ID generated by the source + example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + appCount: + type: integer + format: int32 + description: The number of applications the identity has access to + example: 2 + access: + type: array + description: The list of access items assigned to the identity + items: + discriminator: + propertyName: type + mapping: + ACCESS_PROFILE: ../access/AccessProfileSummary.yaml + ENTITLEMENT: ../access/AccessProfileEntitlement.yaml + ROLE: ../access/AccessProfileRole.yaml + oneOf: + - description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + - description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + - description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + accessCount: + type: integer + format: int32 + description: The number of access items assigned to the identity + example: 5 + accessProfileCount: + type: integer + description: The number of access profiles assigned to the identity + example: 1 + entitlementCount: + type: integer + description: The number of entitlements assigned to the identity + example: 10 + roleCount: + type: integer + description: The number of roles assigned to the identity + example: 1 + owns: + type: object + properties: + sources: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + roles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + apps: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + governanceGroups: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + fallbackApprover: + type: boolean + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Role + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfileCount: + type: integer + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + text/csv: + schema: + description: | + If the *Accept:text/csv* header is specified and the *aggregationType* parameter in the request body is *SAILPOINT*, + + the aggregation result will be returned as a CSV document. + type: string + example: + - 'Identity Locations,Count' + - 'Munich,23' + - 'Brussels,26' + - 'Singapore,22' + - 'Tokyo,20' + - 'Taipei,16' + - 'London,64' + - 'Austin,109' + - 'Sao Paulo,24' + - 'San Jose,27' + headers: + X-Total-Count: + description: The total result count (returned only if the *count* parameter is specified as *true*). + schema: + type: integer + example: 5 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/search/{index}/{id}': + get: + tags: + - Search + description: 'Fetches a single document from the specified index, using the specified document ID.' + operationId: searchGet + summary: Get a Document by ID + parameters: + - in: path + name: index + description: | + The index from which to fetch the specified document. + + The currently supported index names are: *accessprofiles*, *accountactivities*, *accounts*, *aggregations*, *entitlements*, *events*, *identities*, and *roles*. + schema: + type: string + required: true + example: accounts + - in: path + name: id + description: ID of the requested document. + schema: + type: string + required: true + example: 2c91808568c529c60168cca6f90c1313 + responses: + '200': + description: The requested document. + content: + application/json: + schema: + discriminator: + propertyName: _type + mapping: + accessprofile: ../model/access/profile/AccessProfileDocument.yaml + accountactivity: ../model/account/activity/AccountActivityDocument.yaml + account: ../model/account/AccountDocument.yaml + aggregation: ../model/aggregation/AggregationDocument.yaml + entitlement: ../model/entitlement/EntitlementDocument.yaml + event: ../model/event/EventDocument.yaml + identity: ../model/identity/IdentityDocument.yaml + role: ../model/role/RoleDocument.yaml + oneOf: + - description: 'This is more of a complete representation of an access profile. ' + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + entitlementCount: + type: integer + example: 5 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: AccountActivity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + action: + type: string + description: The type of action that this activity performed + externalDocs: + description: Learn more about account activity action types + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data' + example: Identity Refresh. + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + description: The current stage of the activity + example: Completed + origin: + type: string + nullable: true + example: null + status: + type: string + description: the current status of the activity + example: Complete + requester: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + recipient: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + trackingNumber: + type: string + example: 61aad0c9e8134eca89e76a35e0cabe3f + errors: + type: array + items: + type: string + nullable: true + example: null + warnings: + type: array + items: + type: string + nullable: true + example: null + approvals: + type: array + items: + type: object + properties: + comments: + type: array + items: + type: object + properties: + comment: + type: string + description: The comment text + example: This request was autoapproved by our automated ETS subscriber. + commenter: + type: string + description: The name of the commenter + example: Automated AR Approval + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: string + description: The result of the approval + example: Finished + type: + type: string + nullable: true + example: null + originalRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: the account id + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + description: the operation that was used + example: add + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + expansionItems: + type: array + items: + type: object + properties: + accountId: + type: string + description: The ID of the account + example: 2c91808981f58ea601821c3e93482e6f + cause: + type: string + example: Role + name: + type: string + description: The name of the item + example: smartsheet-role + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + accountRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: Unique ID of the account + example: John.Doe + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + example: Modify + description: The operation that was performed + provisioningTarget: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: object + properties: + errors: + type: array + items: + type: string + example: |- + [ConnectorError] [ + { + "code": "unrecognized_keys", + "keys": [ + "groups" + ], + "path": [], + "message": "Unrecognized key(s) in object: 'groups'" + } + ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) + status: + type: string + description: The status of the account request + example: failed + ticketId: + type: string + nullable: true + example: null + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + sources: + type: string + example: 'smartsheet-test, airtable-v4, IdentityNow' + - description: Account + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + firstName: John + lastName: Doe + displayName: John.Doe + identity: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + access: + type: array + items: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + entitlementCount: + type: integer + description: The number of entitlements assigned to the account + format: int32 + example: 2 + uncorrelated: + type: boolean + description: Indicates if the account is not correlated to an identity + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Aggregation + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + status: + type: string + example: Success + duration: + type: integer + format: int32 + example: 20 + avgDuration: + type: integer + format: int32 + example: 20 + changedAccounts: + type: integer + format: int32 + example: 1 + nextScheduled: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + startTime: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + sourceOwner: + type: string + description: John Doe + - description: Entitlement + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + displayName: + type: string + description: The display name of the entitlement + example: Admin + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + identityCount: + type: integer + format: int32 + example: 3 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Event + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + action: + type: string + description: The action that was performed + example: update + type: + type: string + description: The type of event + example: SYSTEM_CONFIG + actor: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + target: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + stack: + type: string + example: tpe + trackingNumber: + type: string + example: 63f891e0735f4cc8bf1968144a1e7440 + ipAddress: + type: string + example: 52.52.97.85 + details: + type: string + example: 73b65dfbed1842548c207432a18c84b0 + attributes: + type: object + additionalProperties: true + example: + pod: stg03-useast1 + org: acme + sourceName: SailPoint + objects: + type: array + items: + type: string + example: AUTHENTICATION + operation: + type: string + example: REQUEST + status: + type: string + example: PASSED + technicalName: + type: string + example: AUTHENTICATION_REQUEST_PASSED + - description: Identity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + firstName: + type: string + description: The first name of the identity + example: Carol + lastName: + type: string + description: The last name of the identity + example: Adams + displayName: + type: string + example: Carol.Adams + description: The display name of the identity + email: + type: string + description: The identity's primary email address + example: Carol.Adams@sailpointdemo.com + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + phone: + type: string + description: The phone number of the identity + example: +1 440-527-3672 + inactive: + type: boolean + description: Indicates if the identity is inactive + example: false + protected: + type: boolean + example: false + status: + type: string + description: The identity's status in SailPoint + example: UNREGISTERED + employeeNumber: + type: string + example: 1a2a3d4e + manager: + nullable: true + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + isManager: + type: boolean + description: Indicates if this identity is a manager of other identities + example: false + identityProfile: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + country: US + firstname: Carol + cloudStatus: UNREGISTERED + processingState: + type: string + nullable: true + example: null + processingDetails: + nullable: true + type: object + properties: + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + example: In Process + retryCount: + type: integer + example: 0 + format: int32 + stackTrace: + type: string + example: + message: + type: string + example: + accounts: + type: array + description: List of accounts associated with the identity + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + accountCount: + type: integer + description: Number of accounts associated with the identity + format: int32 + example: 3 + apps: + type: array + description: The list of applications the identity has access to + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + account: + type: object + properties: + id: + type: string + description: The SailPoint generated unique ID + example: 2c9180837dfe6949017e21f3d8cd6d49 + accountId: + type: string + description: The account ID generated by the source + example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + appCount: + type: integer + format: int32 + description: The number of applications the identity has access to + example: 2 + access: + type: array + description: The list of access items assigned to the identity + items: + discriminator: + propertyName: type + mapping: + ACCESS_PROFILE: ../access/AccessProfileSummary.yaml + ENTITLEMENT: ../access/AccessProfileEntitlement.yaml + ROLE: ../access/AccessProfileRole.yaml + oneOf: + - description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + - description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + - description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + accessCount: + type: integer + format: int32 + description: The number of access items assigned to the identity + example: 5 + accessProfileCount: + type: integer + description: The number of access profiles assigned to the identity + example: 1 + entitlementCount: + type: integer + description: The number of entitlements assigned to the identity + example: 10 + roleCount: + type: integer + description: The number of roles assigned to the identity + example: 1 + owns: + type: object + properties: + sources: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + roles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + apps: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + governanceGroups: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + fallbackApprover: + type: boolean + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Role + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfileCount: + type: integer + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + examples: + accessProfile: + summary: AccessProfile + value: + id: 2c9180825a6c1adc015a71c9023f0818 + name: Cloud Eng + _type: accessprofile + description: Cloud Eng + created: '2017-02-24T20:21:23.145Z' + modified: '2019-05-24T20:36:04.312Z' + synced: '2020-02-18T05:30:20.414Z' + enabled: true + requestable: true + requestCommentsRequired: false + owner: + id: ff8081815757d36a015757d42e56031e + name: SailPoint Support + type: IDENTITY + email: cloud-support@sailpoint.com + source: + id: ff8081815757d4fb0157588f3d9d008f + name: Employees + entitlements: + - id: 2c918084575812550157589064f33b89 + name: 'CN=Cloud Engineering,DC=sailpoint,DC=COM' + description: mull + attribute: memberOf + value: 'CN=Cloud Engineering,DC=sailpoint,DC=COM' + entitlementCount: 1 + tags: + - TAG_1 + - TAG_2 + entitlement: + summary: Entitlement + value: + id: 2c9180946ed0c43d016eec1a80892fbd + name: entitlement.aa415ae7 + _type: entitlement + description: 'null' + attribute: groups + value: entitlement.aa415ae7 + modified: '2019-12-09T19:19:50.154Z' + synced: '2020-02-19T04:30:32.906Z' + displayName: entitlement.aa415ae7 + source: + id: 2c91808b6e9e6fb8016eec1a2b6f7b5f + name: ODS-HR-Employees + privileged: false + identityCount: 68 + tags: + - TAG_1 + - TAG_2 + event: + summary: Event + value: + id: e092842f-c904-4b59-aac8-2544abeeef4b + name: Update Task Schedule Passed + _type: event + created: '2020-02-17T16:23:18.327Z' + synced: '2020-02-17T16:23:18.388Z' + action: TASK_SCHEDULE_UPDATE_PASSED + type: SYSTEM_CONFIG + actor: + name: MantisTaskScheduler + target: + name: Perform provisioning activity search delete synchronization + stack: tpe + trackingNumber: c6b98bc39ece48b080826d16c76b166c + ipAddress: 207.189.160.158 + details: 'null' + attributes: + sourceName: SailPoint + objects: + - TASK + - SCHEDULE + operation: UPDATE + status: PASSED + technicalName: TASK_SCHEDULE_UPDATE_PASSED + identity: + summary: Identity + value: + id: 2c9180865c45e7e3015c46c434a80622 + name: ad.admin + _type: identity + firstName: AD + lastName: Admin + displayName: AD Admin + email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM + created: '2018-08-22T19:54:54.302Z' + modified: '2018-08-22T19:54:54.302Z' + synced: '2018-08-22T19:54:54.302Z' + phone: 512-942-7578 + inactive: false + protected: false + status: UNREGISTERED + employeeNumber: O349804 + manager: null + isManager: false + identityProfile: + id: 2c918085605c8d0601606f357cb231e6 + name: E2E AD + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + attributes: + uid: ad.admin + firstname: AD + cloudAuthoritativeSource: 2c9180855c45b230015c46c19b9c0202 + cloudStatus: UNREGISTERED + iplanet-am-user-alias-list: null + displayName: AD Admin + internalCloudStatus: UNREGISTERED + workPhone: 512-942-7578 + email: SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM + lastname: Admin + processingState: null + processingDetails: null + accounts: + - id: 2c9180865c45e7e3015c46c434a80623 + name: ad.admin + accountId: 'CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local' + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + type: Active Directory - Direct + disabled: false + locked: false + privileged: false + manuallyCorrelated: false + passwordLastSet: '2018-08-22T19:54:54.302Z' + entitlementAttributes: + memberOf: + - 'CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local' + - 'CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local' + - 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local' + created: '2018-08-22T19:54:54.302Z' + - id: 2c918083606d670c01606f35a30a0349 + name: ad.admin + accountId: ad.admin + source: + id: ff8081815c46b85b015c46b90c7c02a6 + name: IdentityNow + type: IdentityNowConnector + disabled: false + locked: false + privileged: false + manuallyCorrelated: false + passwordLastSet: null + entitlementAttributes: null + created: '2018-08-22T19:54:54.302Z' + accountCount: 2 + apps: + - id: '22751' + name: ADP Workforce Now + source: + id: 2c9180855c45b230015c46e2f6a8026a + name: Corporate Active Directory + account: + id: 2c9180865c45efa4015c470be0de1606 + accountId: 'CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + appCount: 1 + access: + - id: 2c918083634bc6cb01639808d40270ba + name: 'test [AccessProfile-1527264105448]' + displayName: test + type: ACCESS_PROFILE + description: test + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + owner: + id: 2c9180865c45e7e3015c46c434a80622 + name: ad.admin + displayName: AD Admin + - id: 2c9180865c45e7e3015c46c457c50755 + name: Administrators + displayName: Administrators + type: ENTITLEMENT + description: null + source: + id: 2c9180855c45b230015c46c19b9c0202 + name: EndToEnd-ADSource + privileged: false + attribute: memberOf + value: 'CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local' + standalone: false + - id: 2c9180865decdaa5015e06598b293108 + name: 'test [cloudRole-1503345085223]' + displayName: test + type: ROLE + description: test + owner: + id: 2c9180865c45e7e3015c46c5030707a0 + name: will.albin + displayName: Albin Will + disabled: false + accessCount: 3 + accessProfileCount: 1 + entitlementCount: 1 + roleCount: 1 + tags: + - TAG_1 + - TAG_2 + role: + summary: Role + value: + id: 2c91808c6faadea6016fb4f2bc69077b + name: IT Role + _type: role + description: IT role + created: '2020-01-17T19:20:15.040Z' + modified: null + synced: '2020-02-18T05:30:20.145Z' + enabled: true + requestable: false + requestCommentsRequired: false + owner: + id: 2c9180a46faadee4016fb4e018c20639 + name: Cloud Support + type: IDENTITY + email: thomas.edison@acme-solar.com + accessProfiles: + - id: 2c91809c6faade77016fb4f0b63407ae + name: Admin Access + accessProfileCount: 1 + tags: + - TAG_1 + - TAG_2 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /service-desk-integrations: + get: + tags: + - Service Desk Integration + summary: List existing Service Desk Integrations + description: Get a list of ServiceDeskIntegrationDto for existing Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegrations + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - name: sorters + in: query + required: false + style: form + explode: true + schema: + type: string + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **name** + example: name + - name: filters + in: query + required: false + style: form + explode: true + schema: + type: string + format: comma-separated + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *eq* + + **type**: *eq, in* + + **cluster**: *eq, in* + example: name eq "John Doe" + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: List of ServiceDeskIntegrationDto + content: + application/json: + schema: + type: array + items: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + description: Reference to the identity that is the owner of this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + clusterRef: + description: Reference to the source cluster for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + description: Reference to beforeProvisioningRule for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + post: + tags: + - Service Desk Integration + summary: Create a new Service Desk integration + description: Create a new Service Desk Integrations. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: createServiceDeskIntegration + requestBody: + description: The specifics of a new integration to create + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + description: Reference to the identity that is the owner of this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + clusterRef: + description: Reference to the source cluster for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + description: Reference to beforeProvisioningRule for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + required: true + responses: + '200': + description: details of the created integration + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + description: Reference to the identity that is the owner of this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + clusterRef: + description: Reference to the source cluster for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + description: Reference to beforeProvisioningRule for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:write' + - 'idn:service-desk-integration:write' + '/service-desk-integrations/{id}': + get: + tags: + - Service Desk Integration + summary: Get a Service Desk integration by ID + description: Get an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegration + parameters: + - name: id + in: path + description: ID of the Service Desk integration to get + required: true + style: simple + explode: false + schema: + type: string + example: anId + responses: + '200': + description: ServiceDeskIntegrationDto with the given ID + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + description: Reference to the identity that is the owner of this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + clusterRef: + description: Reference to the source cluster for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + description: Reference to beforeProvisioningRule for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + put: + tags: + - Service Desk Integration + summary: Update a Service Desk integration by ID + description: Update an existing Service Desk integration by ID with updated value in JSON form as the request body. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: updateServiceDeskIntegration + parameters: + - name: id + in: path + description: ID of the Service Desk integration to update + required: true + style: simple + explode: false + schema: + type: string + example: anId + requestBody: + description: The specifics of the integration to update + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + description: Reference to the identity that is the owner of this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + clusterRef: + description: Reference to the source cluster for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + description: Reference to beforeProvisioningRule for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + required: true + responses: + '200': + description: ServiceDeskIntegrationDto as updated + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + description: Reference to the identity that is the owner of this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + clusterRef: + description: Reference to the source cluster for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + description: Reference to beforeProvisioningRule for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:write' + - 'idn:service-desk-integration:write' + delete: + tags: + - Service Desk Integration + summary: Delete a Service Desk integration by ID + description: Delete an existing Service Desk integration by ID. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: deleteServiceDeskIntegration + parameters: + - name: id + in: path + description: ID of Service Desk integration to delete + required: true + style: simple + explode: false + schema: + type: string + example: anId + responses: + '204': + description: Service Desk integration with the given ID successfully deleted + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:write' + - 'idn:service-desk-integration:write' + patch: + operationId: patchServiceDeskIntegration + tags: + - Service Desk Integration + summary: Service Desk Integration Update - PATCH + description: Update an existing ServiceDeskIntegration by ID with a PATCH request. + parameters: + - name: id + in: path + description: ID of the Service Desk integration to update + required: true + style: simple + explode: false + schema: + type: string + example: anId + requestBody: + required: true + description: | + A list of SDIM update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + PATCH can only be applied to the following fields: + * "beforeProvisioningRule" + + A 403 Forbidden Error indicates that you attempted to PATCH a field that is not allowed. + content: + application/json-patch+json: + schema: + type: object + description: 'A JSONPatch document as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + properties: + operations: + description: Operations to be applied + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + responses: + '200': + description: ServiceDeskIntegrationDto as updated + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + description: Reference to the identity that is the owner of this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + clusterRef: + description: Reference to the source cluster for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + description: Reference to beforeProvisioningRule for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:write' + - 'idn:service-desk-integration:write' + /service-desk-integrations/types: + get: + tags: + - Service Desk Integration + summary: Service Desk Integration Types List. + description: This API endpoint returns the current list of supported Service Desk integration types. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegrationTypes + responses: + '200': + description: Responds with an array of the currently supported Service Desk integration types. + content: + application/json: + schema: + type: array + items: + description: This represents a Service Desk Integration template type. + required: + - type + - scriptName + type: object + properties: + name: + description: This is the name of the type. + example: aName + type: string + type: + description: This is the type value for the type. + example: aType + type: string + scriptName: + description: This is the scriptName attribute value for the type. + example: aScriptName + type: string + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + '/service-desk-integrations/templates/{scriptName}': + get: + tags: + - Service Desk Integration + summary: Service Desk integration template by scriptName. + description: This API endpoint returns an existing Service Desk integration template by scriptName. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getServiceDeskIntegrationTemplate + parameters: + - name: scriptName + in: path + description: The scriptName value of the Service Desk integration template to get + required: true + style: simple + explode: false + schema: + type: string + example: aScriptName + responses: + '200': + description: Responds with the ServiceDeskIntegrationTemplateDto with the specified scriptName. + content: + application/json: + schema: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.' + required: + - type + - attributes + - provisioningConfig + properties: + type: + description: The 'type' property specifies the type of the Service Desk integration template. + type: string + example: Web Service SDIM + default: Web Service SDIM + attributes: + description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template. + type: object + additionalProperties: true + example: + property: value + key: value + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + /service-desk-integrations/status-check-configuration: + get: + tags: + - Service Desk Integration + summary: Get the time check configuration of queued SDIM tickets + description: Get the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: getStatusCheckDetails + responses: + '200': + description: QueuedCheckConfigDetails containing the configured values + content: + application/json: + schema: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: '30' + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: '2' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:read' + - 'idn:service-desk-integration:read' + put: + tags: + - Service Desk Integration + summary: Update the time check configuration of queued SDIM tickets + description: Update the time check configuration of queued SDIM tickets. A token with Org Admin or Service Desk Admin authority is required to access this endpoint. + operationId: updateStatusCheckDetails + requestBody: + description: the modified time check configuration + content: + application/json: + schema: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: '30' + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: '2' + required: true + responses: + '200': + description: QueuedCheckConfigDetails as updated + content: + application/json: + schema: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: '30' + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: '2' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:service-desk-admin:write' + - 'idn:service-desk-integration:write' + /query-password-info: + post: + operationId: queryPasswordInfo + tags: + - Password Management + summary: Query Password Info + description: | + This API is used to query password related information. + + A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) + is required to call this API. "API authority" refers to a token that only has the "client_credentials" + grant type, and therefore no user context. A [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) + or a token generated with the [authorization_code](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) + grant type will **NOT** work on this endpoint, and a `403 Forbidden` response + will be returned. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + userName: + type: string + description: The login name of the user + example: Abby.Smith + sourceName: + type: string + description: The display name of the source + example: My-AD + responses: + '200': + description: Reference to the password info. + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + description: Identity ID + example: 2c918085744fec4301746f9a5bce4605 + sourceId: + type: string + description: source ID + example: 2c918083746f642c01746f990884012a + publicKeyId: + type: string + description: public key ID + example: N2M1OTJiMGEtMDJlZS00ZWU3LTkyYTEtNjA5YmI5NWE3ZWVh + publicKey: + type: string + description: User's public key with Base64 encoding + example: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGFkWi2J75TztpbaPKd36bJnIB3J8gZ6UcoS9oSDYsqBzPpTsfZXYaEf4Y4BKGgJIXmE/lwhwuj7mU1itdZ2qTSNFtnXA8Fn75c3UUkk+h+wdZbkuSmqlsJo3R1OnJkwkJggcAy9Jvk9jlcrNLWorpQ1w9raUvxtvfgkSdq153KxotenQ1HciSyZ0nA/Kw0UaucLnho8xdRowZs11afXGXA9IT9H6D8T6zUdtSxm0nAyH+mluma5LdTfaM50W3l/L8q56Vrqmx2pZIiwdx/0+g3Y++jV70zom0ZBkC1MmSoLMrQYG5OICNjr72f78B2PaGXfarQHqARLjKpMVt9YIQIDAQAB + accounts: + type: array + description: Account info related to queried identity and source + items: + type: object + properties: + accountId: + type: string + description: 'Account ID of the account. This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350' + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + accountName: + type: string + description: 'Display name of the account. This is specified per account schema in the source configuration. It is used to display name of the account. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-Name-for/ta-p/74008' + example: Abby.Smith + policies: + type: array + description: Password constraints + items: + type: string + example: + - passwordRepeatedChar is 3 + - passwordMinAlpha is 1 + - passwordMinLength is 5 + - passwordMinNumeric is 1 + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /set-password: + post: + operationId: setPassword + tags: + - Password Management + summary: Set Identity's Password + description: | + This API is used to set a password for an identity. + + An identity can change their own password if they use a token generated by their IDN user, such as a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) or ["authorization_code" derived OAuth token](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow). + + A token with [API authority](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) can be used to change **any** identity's password. "API authority" refers to a token that only has the "client_credentials" grant type. + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + identityId: + type: string + description: The identity ID that requested the password change + example: 8a807d4c73c545510173c545f0a002ff + encryptedPassword: + type: string + description: The RSA encrypted password + example: XzN+YwKgr2C+InkMYFMBG3UtjMEw5ZIql/XFlXo8cJNeslmkplx6vn4kd4/43IF9STBk5RnzR6XmjpEO+FwHDoiBwYZAkAZK/Iswxk4OdybG6Y4MStJCOCiK8osKr35IMMSV/mbO4wAeltoCk7daTWzTGLiI6UaT5tf+F2EgdjJZ7YqM8W8r7aUWsm3p2Xt01Y46ZRx0QaM91QruiIx2rECFT2pUO0wr+7oQ77jypATyGWRtADsu3YcvCk/6U5MqCnXMzKBcRas7NnZdSL/d5H1GglVGz3VLPMaivG4/oL4chOMmFCRl/zVsGxZ9RhN8rxsRGFFKn+rhExTi+bax3A== + publicKeyId: + type: string + description: The encryption key ID + example: YWQ2NjQ4MTItZjY0NC00MWExLWFjMjktOGNmMzU3Y2VlNjk2 + accountId: + type: string + description: 'Account ID of the account This is specified per account schema in the source configuration. It is used to distinguish accounts. More info can be found here https://community.sailpoint.com/t5/IdentityNow-Connectors/How-do-I-designate-an-account-attribute-as-the-Account-ID-for-a/ta-p/80350' + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + sourceId: + type: string + description: The ID of the source for which identity is requesting the password change + example: 8a807d4c73c545510173c545d4b60246 + responses: + '202': + description: Reference to the password change. + content: + application/json: + schema: + type: object + properties: + requestId: + type: string + nullable: true + description: The password change request ID + example: 089899f13a8f4da7824996191587bab9 + state: + type: string + enum: + - IN_PROGRESS + - FINISHED + - FAILED + description: Password change state + example: IN_PROGRESS + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/password-change-status/{id}': + get: + operationId: getPasswordChangeStatus + tags: + - Password Management + summary: Get Password Change Request Status + description: This API returns the status of a password change request. A token with identity owner or trusted API client application authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + example: 089899f13a8f4da7824996191587bab9 + description: Password change request ID + responses: + '200': + description: Status of the password change request + content: + application/json: + schema: + type: object + properties: + requestId: + type: string + nullable: true + description: The password change request ID + example: 089899f13a8f4da7824996191587bab9 + state: + type: string + enum: + - IN_PROGRESS + - FINISHED + - FAILED + description: Password change state + example: IN_PROGRESS + errors: + type: array + items: + type: string + description: The errors during the password change request + example: + - The password change payload is invalid + sourceIds: + type: array + items: + type: string + description: List of source IDs in the password change request + example: + - 2c918083746f642c01746f990884012a + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /password-dictionary: + get: + operationId: getPasswordDictionary + tags: + - Password Dictionary + summary: Get Password Dictionary + description: |- + This gets password dictionary for the organization. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:password-dictionary-management:read' + responses: + '200': + description: |- + + The password dictionary file can contain lines that are: + 1. comment lines - the first character is '#', can be 128 Unicode codepoints in length, and are ignored during processing + 2. empty lines + 3. locale line - the first line that starts with "locale=" is considered to be locale line, the rest are treated as normal content lines + 4. line containing the password dictionary word - it must start with non-whitespace character and only non-whitespace characters are allowed; + maximum length of the line is 128 Unicode codepoints + + + Password dictionary file may not contain more than 2,500 lines (not counting whitespace lines, comment lines and locale line). + Password dict file must contain UTF-8 characters only. + + # Sample password text file + + ``` + + # Password dictionary small test file + + locale=en_US + + # Password dictionary prohibited words + + qwerty + abcd + aaaaa + password + qazxsws + + ``` + content: + text/plain: + schema: + type: string + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /sources: + get: + operationId: listSources + tags: + - Sources + summary: Lists all sources in IdentityNow. + description: |- + This end-point lists all the sources in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or ROLE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: filters + schema: + type: string + example: name eq "#Employees" + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + + Filtering is supported for the following fields and operators: + + **id**: *eq, in* + + **name**: *co, eq, in, sw* + + **type**: *eq, in* + + **owner.id**: *eq, in* + + **features**: *ca, co* + + **created**: *eq* + + **modified**: *eq* + + **managementWorkgroup.id**: *eq* + + **description**: *eq* + + **authoritative**: *eq* + + **healthy**: *eq* + + **status**: *eq, in* + + **connectionType**: *eq* + + **connectorName**: *eq* + - in: query + name: sorters + schema: + type: string + format: comma-separated + example: name + description: |- + Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results) + + Sorting is supported for the following fields: **type, created, modified, name, owner.name, healthy, status** + - in: query + name: for-subadmin + schema: + type: string + example: name + description: |- + Filter the returned list of sources for the identity specified by the parameter, which is the id of an identity with the role SOURCE_SUBADMIN. By convention, the value **me** indicates the identity id of the current user. + Subadmins may only view Sources which they are able to administer; all other Sources will be filtered out when this parameter is set. If the current user is a SOURCE_SUBADMIN but fails to pass a valid value for this parameter, a 403 Forbidden is returned. + responses: + '200': + description: List of Source objects + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createSource + tags: + - Sources + summary: Creates a source in IdentityNow. + description: |- + This creates a specific source with a full source JSON representation. Any passwords are submitted as plain-text and encrypted upon receipt in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: query + name: provisionAsCsv + description: Configures the source as a DelimitedFile type of source. + schema: + type: boolean + required: false + example: false + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + responses: + '201': + description: 'Created Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{id}': + get: + operationId: getSource + tags: + - Sources + summary: Get Source by ID + description: |- + This end-point gets a specific source in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: A Source object + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putSource + tags: + - Sources + summary: Update Source (Full) + description: | + This API updates a source in IdentityNow, using a full object representation. In other words, the existing Source + configuration is completely replaced. + + Some fields are immutable and cannot be changed, such as: + + * id + * type + * authoritative + * connector + * connectorClass + * passwordPolicies + + Attempts to modify these fields will result in a 400 error. + + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + responses: + '200': + description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateSource + tags: + - Sources + summary: Update Source (Partial) + description: | + This API partially updates a source in IdentityNow, using a list of patch operations according to the + [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. + + Some fields are immutable and cannot be changed, such as: + + * id + * type + * authoritative + * created + * modified + * connector + * connectorClass + * passwordPolicies + + Attempts to modify these fields will result in a 400 error. + + A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN, or API authority is required to call this API. + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + description: 'A list of account update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard. Any password changes are submitted as plain-text and encrypted upon receipt in IdentityNow.' + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + Edit the source description: + description: This example shows how to edit a source description. + value: + - op: replace + path: /description + value: new description + Edit the source cluster: + description: This example shows how to edit a source cluster by id. + value: + - op: replace + path: /cluster/id + value: 2c918087813a902001813f3f85736b45 + Edit source features: + description: This example illustrates how you can update source supported features + value: + - op: replace + path: /features + value: + - PASSWORD + - PROVISIONING + - ENABLE + - AUTHENTICATE + Change a source description and cluster in One Call: + description: This example shows how multiple fields may be updated with a single patch call. + value: + - op: replace + path: /description + value: new description + - op: replace + path: /cluster/id + value: 2c918087813a902001813f3f85736b45 + Add a filter string to the connector: + description: 'This example shows how you can add a filter to incoming accounts during the account aggregation process. In the example below, any account that does not have an "m" or "d" in the id will be aggregated.' + value: + - op: add + path: /connectorAttributes/filterString + value: '!( id.contains( "m" ) ) || !( id.contains( "d" ) )' + Update connector attribute for specific operation type: + description: This example shows how you can update the 3rd object in the connection parameters operationType. This will change it from a standard group aggregation to a group aggregation on the "test" entitlement type + value: + - op: replace + path: /connectorAttributes/connectionParameters/2/operationType + value: Group Aggregation-test + responses: + '200': + description: 'Updated Source object. Any passwords will only show the the encrypted cipher-text, as they are not decrypt-able in IdentityNow cloud-based services, per IdentityNow security design.' + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSource + tags: + - Sources + summary: Delete Source by ID + description: |- + This end-point deletes a specific source in IdentityNow. + A token with ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + All of accounts on the source will be removed first, then the source will be deleted. Actual status of task execution can be retrieved via method GET `/task-status/{id}` + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + responses: + '202': + description: Accepted - Returned if the request was successfully accepted into the system. + content: + application/json: + schema: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - TASK_RESULT + example: TASK_RESULT + id: + type: string + description: ID of the task result + example: 2c91808779ecf55b0179f720942f181a + name: + type: string + description: Human-readable display name of the task result (should be null/empty) + example: null + examples: + deleteSource: + summary: Response returned when deleting a source + value: + type: TASK_RESULT + id: 2c91808779ecf55b0179f720942f181a + name: null + links: + GetTaskStatusById: + parameters: + id: $response.body#/id + description: | + The `id` value returned in the response can be used as the `id` parameter in `GET /task-status/{id}`. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/provisioning-policies': + get: + operationId: listProvisioningPolicies + tags: + - Sources + summary: Lists ProvisioningPolicies + description: |- + This end-point lists all the ProvisioningPolicies in IdentityNow. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy-list:read' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: List of ProvisioningPolicyDto objects + content: + application/json: + schema: + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createProvisioningPolicy + tags: + - Sources + summary: Create Provisioning Policy + description: |- + This API generates a create policy/template based on field value transforms. This API is intended for use when setting up JDBC Provisioning type sources, but it will also work on other source types. + A token with ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:create' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + examples: + Create Account Provisioning Policy: + value: + name: Account + description: Account Provisioning Policy + usageType: CREATE + fields: + - name: displayName + transform: + type: identityAttribute + attributes: + name: displayName + attributes: {} + isRequired: false + type: string + isMultiValued: false + - name: distinguishedName + transform: + type: usernameGenerator + attributes: + sourceCheck: true + patterns: + - 'CN=$fi $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + - 'CN=$fti $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + - 'CN=$fn $ln,OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + - 'CN=$fn$ln${uniqueCounter},OU=zzUsers,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + fn: + type: identityAttribute + attributes: + name: firstname + ln: + type: identityAttribute + attributes: + name: lastname + fi: + type: substring + attributes: + input: + type: identityAttribute + attributes: + name: firstname + begin: 0 + end: 1 + fti: + type: substring + attributes: + input: + type: identityAttribute + attributes: + name: firstname + begin: 0 + end: 2 + attributes: + cloudMaxUniqueChecks: '5' + cloudMaxSize: '100' + cloudRequired: 'true' + isRequired: false + type: '' + isMultiValued: false + - name: description + transform: + type: static + attributes: + value: '' + attributes: {} + isRequired: false + type: string + isMultiValued: false + responses: + '201': + description: Created ProvisioningPolicyDto object + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/provisioning-policies/{usageType}': + get: + operationId: getProvisioningPolicy + tags: + - Sources + summary: Get Provisioning Policy by UsageType + description: |- + This end-point retrieves the ProvisioningPolicy with the specified usage on the specified Source in IdentityNow. + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:read' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + example: REGISTER + responses: + '200': + description: The requested ProvisioningPolicyDto was successfully retrieved. + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putProvisioningPolicy + tags: + - Sources + summary: Update Provisioning Policy by UsageType + description: |- + This end-point updates the provisioning policy with the specified usage on the specified source in IdentityNow. + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:update' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + requestBody: + required: true + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + responses: + '200': + description: The ProvisioningPolicyDto was successfully replaced. + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateProvisioningPolicy + tags: + - Sources + summary: Partial update of Provisioning Policy + description: |- + This API selectively updates an existing Provisioning Policy using a JSONPatch payload. + A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:update' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + requestBody: + required: true + description: The JSONPatch payload used to update the schema. + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + add-field: + summary: Add a field to the beginning of the list + value: + - op: add + path: /fields/0 + value: + name: email + transform: + type: identityAttribute + attributes: + name: email + attributes: {} + isRequired: false + type: string + isMultiValued: false + responses: + '200': + description: The ProvisioningPolicyDto was successfully updated. + content: + application/json: + schema: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteProvisioningPolicy + tags: + - Sources + summary: Delete Provisioning Policy by UsageType + description: |- + Deletes the provisioning policy with the specified usage on an application. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy:delete' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: usageType + required: true + schema: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + description: The type of ProvisioningPolicy usage. + responses: + '204': + description: The ProvisioningPolicyDto was successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/provisioning-policies/bulk-update': + post: + operationId: updateProvisioningPoliciesInBulk + tags: + - Sources + summary: Bulk Update Provisioning Policies + description: |- + This end-point updates a list of provisioning policies on the specified source in IdentityNow. + A token with API, or ORG_ADMIN authority is required to call this API. + security: + - oauth2: + - 'idn:provisioning-policy-bulk:update' + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + responses: + '200': + description: A list of the ProvisioningPolicyDto was successfully replaced. + content: + application/json: + schema: + type: array + items: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/schemas': + get: + operationId: listSourceSchemas + tags: + - Sources + summary: List Schemas on a Source + description: | + Lists the Schemas that exist on the specified Source in IdentityNow. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source ID. + example: 2c9180835d191a86015d28455b4a2329 + - in: query + name: include-types + required: false + schema: + type: string + description: 'If set to ''group'', then the account schema is filtered and only group schemas are returned. Only a value of ''group'' is recognized.' + example: group + responses: + '200': + description: The Schemas were successfully retrieved. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: createSourceSchema + tags: + - Sources + summary: Create Schema on a Source + description: | + Creates a new Schema on the specified Source in IdentityNow. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + responses: + '201': + description: The Schema was successfully created on the specified Source. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/schemas/{schemaId}': + get: + operationId: getSourceSchema + tags: + - Sources + summary: Get Source Schema by ID + description: | + Get the Source Schema by ID in IdentityNow. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema id. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: The requested Schema was successfully retrieved. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + put: + operationId: putSourceSchema + tags: + - Sources + summary: Update Source Schema (Full) + description: | + This API will completely replace an existing Schema with the submitted payload. Some fields of the Schema cannot be updated. These fields are listed below. + + * id + * name + * created + * modified + + Any attempt to modify these fields will result in an error response with a status code of 400. + + > `id` must remain in the request body, but it cannot be changed. If `id` is omitted from the request body, the result will be a 400 error. + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + responses: + '200': + description: The Schema was successfully replaced. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + patch: + operationId: updateSourceSchema + tags: + - Sources + summary: Update Source Schema (Partial) + description: | + Use this API to selectively update an existing Schema using a JSONPatch payload. + + The following schema fields are immutable and cannot be updated: + + - id + - name + - created + - modified + + + To switch an account attribute to a group entitlement, you need to have the following in place: + + - `isEntitlement: true` + - Must define a schema for the group and [add it to the source](https://developer.sailpoint.com/idn/api/v3/create-source-schema) before updating the `isGroup` flag. For example, here is the `group` account attribute referencing a schema that defines the group: + ```json + { + "name": "groups", + "type": "STRING", + "schema": { + "type": "CONNECTOR_SCHEMA", + "id": "2c9180887671ff8c01767b4671fc7d60", + "name": "group" + }, + "description": "The groups, roles etc. that reference account group objects", + "isMulti": true, + "isEntitlement": true, + "isGroup": true + } + ``` + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema id. + example: 2c9180835d191a86015d28455b4a2329 + requestBody: + required: true + description: The JSONPatch payload used to update the schema. + content: + application/json-patch+json: + schema: + type: array + items: + type: object + description: 'A JSONPatch Operation as defined by [RFC 6902 - JSON Patch](https://tools.ietf.org/html/rfc6902)' + required: + - op + - path + properties: + op: + type: string + description: The operation to be performed + enum: + - add + - remove + - replace + - move + - copy + - test + example: replace + path: + type: string + description: A string JSON Pointer representing the target path to an element to be affected by the operation + example: /description + value: + anyOf: + - type: string + - type: integer + - type: object + - type: array + items: + anyOf: + - type: string + - type: integer + - type: object + description: 'The value to be used for the operation, required for "add" and "replace" operations' + example: New description + examples: + add-attribute: + summary: Add an attribute to the end of the list + value: + - op: add + path: /attributes/- + value: + name: location + type: STRING + schema: null + description: Employee location + isMulti: false + isEntitlement: false + isGroup: false + responses: + '200': + description: The Schema was successfully updated. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + delete: + operationId: deleteSourceSchema + tags: + - Sources + summary: Delete Source Schema by ID + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + - in: path + name: schemaId + schema: + type: string + required: true + description: The Schema id. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '204': + description: The Schema was successfully deleted. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{sourceId}/source-health': + get: + operationId: getSourceHealth + tags: + - Sources + summary: This API fetches source health by source's id + description: This endpoint fetches source health by source's id + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: Fetched source health successfully + content: + application/json: + schema: + type: object + description: Dto for source health data + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + name: + type: string + description: the name of the source + example: Source1234 + org: + type: string + description: source's org + example: denali-cjh + isAuthoritative: + type: boolean + example: false + description: Is the source authoritative + isCluster: + type: boolean + example: false + description: Is the source in a cluster + hostname: + type: string + example: megapod-useast1-secret-hostname.sailpoint.com + description: source's hostname + pod: + type: string + description: source's pod + example: megapod-useast1 + iqServiceVersion: + type: string + description: The version of the iqService + example: iqVersion123 + status: + type: string + enum: + - SOURCE_STATE_ERROR_CLUSTER + - SOURCE_STATE_ERROR_SOURCE + - SOURCE_STATE_ERROR_VA + - SOURCE_STATE_FAILURE_CLUSTER + - SOURCE_STATE_FAILURE_SOURCE + - SOURCE_STATE_HEALTHY + - SOURCE_STATE_UNCHECKED_CLUSTER + - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES + - SOURCE_STATE_UNCHECKED_SOURCE + - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS + description: connection test result + example: SOURCE_STATE_UNCHECKED_SOURCE + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/sources/{id}/schemas/accounts': + get: + tags: + - Sources + summary: Downloads source accounts schema template + description: |- + This API downloads the CSV schema that defines the account attributes on a source. + >**NOTE: This API is designated only for Delimited File sources.** + operationId: downloadSourceAccountsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + responses: + '200': + description: Successfully downloaded the file + content: + text/csv: + example: 'id,name,givenName,familyName,e-mail,location,manager,groups,startDate,endDate' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:read' + post: + tags: + - Sources + summary: Uploads source accounts schema template + description: |- + This API uploads a source schema template file to configure a source's account attributes. + + To retrieve the file to modify and upload, log into Identity Now. + + Click **Admin** -> **Connections** -> **Sources** -> **``** -> **Import Data** -> **Account Schema** -> **Options** -> **Download Schema** + + >**NOTE: This API is designated only for Delimited File sources.** + operationId: uploadSourceAccountsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Successfully uploaded the file + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:update' + '/sources/{id}/schemas/entitlements': + get: + tags: + - Sources + summary: Downloads source entitlements schema template + description: |- + This API downloads the CSV schema that defines the entitlement attributes on a source. + + >**NOTE: This API is designated only for Delimited File sources.** + operationId: downloadSourceEntitlementsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: schemaName + schema: + type: string + description: Name of entitlement schema + example: '?schemaName=group' + responses: + '200': + description: Successfully downloaded the file + content: + text/csv: + example: 'id,name,displayName,created,description,modified,entitlements,groups,permissions' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:read' + post: + tags: + - Sources + summary: Uploads source entitlements schema template + description: |- + This API uploads a source schema template file to configure a source's entitlement attributes. + + To retrieve the file to modify and upload, log into Identity Now. + + Click **Admin** -> **Connections** -> **Sources** -> **``** -> **Import Data** -> **Import Entitlements** -> **Download** + + >**NOTE: This API is designated only for Delimited File sources.** + operationId: uploadSourceEntitlementsSchema + parameters: + - in: path + name: id + required: true + schema: + type: string + description: The Source id + example: 8c190e6787aa4ed9a90bd9d5344523fb + - in: query + name: schemaName + schema: + type: string + description: Name of entitlement schema + example: '?schemaName=group' + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Successfully uploaded the file + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: The id of the Schema. + example: 2c9180835d191a86015d28455b4a2329 + name: + type: string + description: The name of the Schema. + example: account + nativeObjectType: + type: string + description: The name of the object type on the native system that the schema represents. + example: User + identityAttribute: + type: string + description: The name of the attribute used to calculate the unique identifier for an object in the schema. + example: sAMAccountName + displayAttribute: + type: string + description: The name of the attribute used to calculate the display value for an object in the schema. + example: distinguishedName + hierarchyAttribute: + type: string + description: The name of the attribute whose values represent other objects in a hierarchy. Only relevant to group schemas. + example: memberOf + includePermissions: + type: boolean + description: Flag indicating whether or not the include permissions with the object data when aggregating the schema. + example: false + features: + type: array + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + description: The features that the schema supports. + example: + - PROVISIONING + - NO_PERMISSIONS_PROVISIONING + - GROUPS_HAVE_MEMBERS + configuration: + type: object + description: Holds any extra configuration data that the schema may require. + example: + groupMemberAttribute: member + attributes: + type: array + description: The attribute definitions which form the schema. + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: sAMAccountName + type: + description: The type of the attribute. + example: STRING + type: string + enum: + - STRING + - LONG + - INT + - BOOLEAN + schema: + description: A reference to the schema on the source to the attribute values map to. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: The object ID this reference applies to. + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: The human-readable display name of the object. + example: group + description: + type: string + description: A human-readable description of the attribute. + example: SAM Account Name + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + example: false + isEntitlement: + type: boolean + description: Flag indicating whether or not the attribute is an entitlement. + example: false + isGroup: + type: boolean + description: | + Flag indicating whether or not the attribute represents a group. + This can only be `true` if `isEntitlement` is also `true` **and** there is a schema defined for the attribute.. + example: false + example: + - name: sAMAccountName + type: STRING + isMultiValued: false + isEntitlement: false + isGroup: false + - name: memberOf + type: STRING + schema: + type: CONNECTOR_SCHEMA + id: 2c9180887671ff8c01767b4671fc7d60 + name: group + description: Group membership + isMultiValued: true + isEntitlement: true + isGroup: true + created: + type: string + description: The date the Schema was created. + format: date-time + example: '2019-12-24T22:32:58.104Z' + modified: + type: string + description: The date the Schema was last modified. + format: date-time + example: '2019-12-31T20:22:28.104Z' + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:source-schema:update' + '/sources/{sourceId}/upload-connector-file': + post: + operationId: uploadSourceConnectorFile + tags: + - Sources + summary: Upload connector file to source + parameters: + - in: path + name: sourceId + required: true + schema: + type: string + description: The Source id. + example: 2c9180835d191a86015d28455b4a2329 + description: |- + This uploads a supplemental source connector file (like jdbc driver jars) to a source's S3 bucket. This also sends ETS and Audit events. + A token with ORG_ADMIN authority is required to call this API. + requestBody: + required: true + content: + multipart/form-data: + schema: + type: object + properties: + file: + type: string + format: binary + responses: + '200': + description: Uploaded the file successfully and sent all post-upload events + content: + application/json: + schema: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /transforms: + get: + tags: + - Transforms + summary: List transforms + description: |- + Gets a list of all saved transform objects. + A token with transforms-list read authority is required to call this API. + operationId: listTransforms + parameters: + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - name: name + in: query + description: Name of the transform to retrieve from the list. + required: false + style: form + schema: + type: string + example: ExampleTransformName123 + - name: filters + in: query + description: |- + Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results) + Filtering is supported for the following fields and operators: + **internal**: *eq* + **name**: *eq*, *sw* + required: false + style: form + explode: true + example: name eq "Uppercase" + schema: + type: string + responses: + '200': + description: A list of transforms matching the given criteria. + content: + application/json: + schema: + type: array + items: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + - id: 2cd78adghjkja34jh2b1hkjhasuecd + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: false + - id: 2lkas8dhj4bkuakja77giih7l4ashh + name: PrefixSubstring + type: substring + attributes: + begin: 0 + end: 3 + internal: true + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transforms-list:read' + post: + tags: + - Transforms + summary: Create transform + description: 'Creates a new transform object immediately. By default, the internal flag is set to false to indicate that this is a custom transform. Only SailPoint employees have the ability to create a transform with internal set to true. Newly created Transforms can be used in the Identity Profile mappings within the UI. A token with transform write authority is required to call this API.' + operationId: createTransform + requestBody: + required: true + description: The transform to be created. + content: + application/json: + schema: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM dd yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + responses: + '201': + description: Indicates the transform was successfully created and returns its representation. + content: + application/json: + schema: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transforms:write' + '/transforms/{id}': + get: + tags: + - Transforms + summary: Transform by ID + description: |- + This API returns the transform specified by the given ID. + A token with transform read authority is required to call this API. + operationId: getTransform + parameters: + - name: id + in: path + description: ID of the transform to retrieve + required: true + style: simple + explode: false + example: 2cd78adghjkja34jh2b1hkjhasuecd + schema: + type: string + responses: + '200': + description: Transform with the given ID + content: + application/json: + schema: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transforms:read' + put: + tags: + - Transforms + summary: Update a transform + description: |- + Replaces the transform specified by the given ID with the transform provided in the request body. Only the "attributes" field is mutable. Attempting to change other properties (ex. "name" and "type") will result in an error. + A token with transform write authority is required to call this API. + operationId: updateTransform + parameters: + - name: id + in: path + description: ID of the transform to update + required: true + style: simple + explode: false + schema: + type: string + example: 2cd78adghjkja34jh2b1hkjhasuecd + requestBody: + description: 'The updated transform object (must include "name", "type", and "attributes" fields).' + content: + application/json: + schema: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + responses: + '200': + description: Indicates the transform was successfully updated and returns its new representation. + content: + application/json: + schema: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + example: + id: 2cd78adghjkja34jh2b1hkjhasuecd + name: Timestamp To Date + type: dateFormat + attributes: + inputFormat: 'MMM-dd-yyyy, HH:mm:ss.SSS' + outputFormat: yyyy/dd/MM + internal: false + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transforms:write' + delete: + tags: + - Transforms + summary: Delete a transform + description: |- + Deletes the transform specified by the given ID. Attempting to delete a transform that is used in one or more Identity Profile mappings will result in an error. If this occurs, you must first remove the transform from all mappings before deleting the transform. + A token with transform delete authority is required to call this API. + operationId: deleteTransform + parameters: + - name: id + in: path + description: ID of the transform to delete + required: true + style: simple + explode: false + schema: + type: string + example: 2cd78adghjkja34jh2b1hkjhasuecd + responses: + '204': + description: No content - indicates the request was successful but there is no content to be returned in the response. + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + security: + - oauth2: + - 'idn:transforms:delete' + /work-items: + get: + operationId: listWorkItems + tags: + - Work Items + summary: List Work Items + description: 'This gets a collection of work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /work-items/completed: + get: + operationId: getCompletedWorkItems + tags: + - Work Items + summary: Completed Work Items + description: 'This gets a collection of completed work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: 'The id of the owner of the work item list being requested. Either an admin, or the owning/current user must make this request.' + required: false + example: 1211bcaa32112bcef6122adb21cef1ac + - in: query + name: limit + description: |- + Max number of results to return. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 250 + schema: + type: integer + format: int32 + minimum: 0 + maximum: 250 + default: 250 + - in: query + name: offset + description: |- + Offset into the full result set. Usually specified with *limit* to paginate through the results. + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: 0 + schema: + type: integer + format: int32 + minimum: 0 + default: 0 + - in: query + name: count + description: |- + If *true* it will populate the *X-Total-Count* response header with the number of results that would be returned if *limit* and *offset* were ignored. + + Since requesting a total count can have a performance impact, it is recommended not to send **count=true** if that value will not be used. + + See [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters) for more information. + required: false + example: true + schema: + type: boolean + default: false + responses: + '200': + description: List of completed work items. + content: + application/json: + schema: + type: array + items: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /work-items/count: + get: + operationId: getCountWorkItems + tags: + - Work Items + summary: Count Work Items + description: 'This gets a count of work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: object + properties: + count: + type: integer + description: The count of work items + example: 29 + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /work-items/completed/count: + get: + operationId: getCountCompletedWorkItems + tags: + - Work Items + summary: Count Completed Work Items + description: 'This gets a count of completed work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: object + properties: + count: + type: integer + description: The count of work items + example: 29 + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + /work-items/summary: + get: + operationId: getWorkItemsSummary + tags: + - Work Items + summary: Work Items Summary + description: 'This gets a summary of work items belonging to either the specified user(admin required), or the current user.' + parameters: + - in: query + name: ownerId + schema: + type: string + description: ID of the work item owner. + required: false + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: List of work items + content: + application/json: + schema: + type: object + properties: + open: + type: integer + description: The count of open work items + example: 29 + completed: + type: integer + description: The count of completed work items + example: 1 + total: + type: integer + description: The count of total work items + example: 30 + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/{id}': + get: + operationId: getWorkItem + tags: + - Work Items + summary: Get a Work Item + description: 'This gets the details of a Work Item belonging to either the specified user(admin required), or the current user.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: ID of the work item. + example: 2c9180835d191a86015d28455b4a2329 + responses: + '200': + description: The work item with the given ID. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + post: + operationId: completeWorkItem + tags: + - Work Items + summary: Complete a Work Item + description: 'This API completes a work item. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: A WorkItems object + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/{id}/approve/{approvalItemId}': + post: + operationId: approveApprovalItem + tags: + - Work Items + summary: Approve an Approval Item + description: 'This API approves an Approval Item. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: approvalItemId + schema: + type: string + required: true + description: The ID of the approval item. + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/{id}/reject/{approvalItemId}': + post: + operationId: rejectApprovalItem + tags: + - Work Items + summary: Reject an Approval Item + description: 'This API rejects an Approval Item. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + - in: path + name: approvalItemId + schema: + type: string + required: true + description: The ID of the approval item. + example: 1211bcaa32112bcef6122adb21cef1ac + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/bulk-approve/{id}': + post: + operationId: approveApprovalItemsInBulk + tags: + - Work Items + summary: Bulk approve Approval Items + description: 'This API bulk approves Approval Items. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/bulk-reject/{id}': + post: + operationId: rejectApprovalItemsInBulk + tags: + - Work Items + summary: Bulk reject Approval Items + description: 'This API bulk rejects Approval Items. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. + '/work-items/{id}/submit-account-selection': + post: + operationId: submitAccountSelection + tags: + - Work Items + summary: Submit Account Selections + description: 'This API submits account selections. Either an admin, or the owning/current user must make this request.' + parameters: + - in: path + name: id + schema: + type: string + required: true + description: The ID of the work item + example: ef38f94347e94562b5bb8424a56397d8 + requestBody: + required: true + content: + application/json: + schema: + type: object + additionalProperties: true + example: + fieldName: fieldValue + description: 'Account Selection Data map, keyed on fieldName' + responses: + '200': + description: A work items details object. + content: + application/json: + schema: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + '400': + description: Client Error - Returned if the request body is invalid. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + '401': + description: 'Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.' + content: + application/json: + schema: + type: object + properties: + error: + description: A message describing the error + example: 'JWT validation failed: JWT is expired' + '403': + description: 'Forbidden - Returned if the user you are running as, doesn''t have access to this end-point.' + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '403': + summary: An example of a 403 response object + value: + detailCode: 403 Forbidden + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server understood the request but refuses to authorize it. + '404': + description: Not Found - returned if the request URL refers to a resource or object that does not exist + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '404': + summary: An example of a 404 response object + value: + detailCode: 404 Not found + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: The server did not find a current representation for the target resource. + '429': + description: Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again. + content: + application/json: + schema: + type: object + properties: + message: + description: A message describing the error + example: ' Rate Limit Exceeded ' + '500': + description: Internal Server Error - Returned if there is an unexpected error. + content: + application/json: + schema: + type: object + properties: + detailCode: + type: string + description: Fine-grained error code providing more detail of the error. + example: 400.1 Bad Request Content + trackingId: + type: string + description: Unique tracking id for the error. + example: e7eab60924f64aa284175b9fa3309599 + messages: + type: array + description: Generic localized reason for error + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + causes: + type: array + description: Plain-text descriptive reasons to provide additional detail to the text provided in the messages field + items: + type: object + properties: + locale: + type: string + description: 'The locale for the message text, a BCP 47 language tag.' + example: en-US + localeOrigin: + type: string + enum: + - DEFAULT + - REQUEST + description: 'An indicator of how the locale was selected. *DEFAULT* means the locale is the system default. *REQUEST* means the locale was selected from the request context (i.e., best match based on the *Accept-Language* header). Additional values may be added in the future without notice.' + example: DEFAULT + text: + type: string + description: Actual text of the error message in the indicated locale. + example: The request was syntactically correct but its content is semantically invalid. + examples: + '500': + summary: An example of a 500 response object + value: + detailCode: 500.0 Internal Fault + trackingId: b21b1f7ce4da4d639f2c62a57171b427 + messages: + - locale: en-US + localeOrigin: DEFAULT + text: An internal fault occurred. +security: + - oauth2: [] +components: + securitySchemes: + oauth2: + type: oauth2 + description: | + OAuth2 Bearer token (JWT). See [IdentityNow REST API Authentication](https://developer.sailpoint.com/idn/api/authentication) for more information. + - Directions for generating a [personal access token](https://developer.sailpoint.com/idn/api/authentication#personal-access-tokens) + - Directions using [client credentials flow](https://developer.sailpoint.com/idn/api/authentication#client-credentials-grant-flow) + - Directions for using [authorization code flow](https://developer.sailpoint.com/idn/api/authentication#authorization-code-grant-flow) + + Which authentication method should I choose? See our [guide](https://developer.sailpoint.com/idn/api/authentication#which-oauth-20-grant-flow-should-i-use) + + Learn more about how to find your `tokenUrl` and `authorizationUrl` [in our docs](https://developer.sailpoint.com/idn/api/authentication#find-your-tenants-oauth-details) + flows: + clientCredentials: + tokenUrl: 'https://tenant.api.identitynow.com/oauth/token' + scopes: + 'sp:scopes:default': default scope + 'sp:scopes:all': access to all scopes + authorizationCode: + authorizationUrl: 'https://tenant.identitynow.com/oauth/authorize' + tokenUrl: 'https://tenant.api.identitynow.com/oauth/token' + scopes: + 'sp:scopes:default': default scope + 'sp:scopes:all': access to all scopes + schemas: + AccessRequest: + type: object + properties: + requestedFor: + description: 'A list of Identity IDs for whom the Access is requested. If it''s a Revoke request, there can only be one Identity ID.' + type: array + items: + type: string + example: 2c918084660f45d6016617daa9210584 + requestType: + type: string + enum: + - GRANT_ACCESS + - REVOKE_ACCESS + description: Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field. + example: GRANT_ACCESS + requestedItems: + type: array + items: + type: object + properties: + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of the item being requested. + example: ACCESS_PROFILE + id: + type: string + description: 'ID of Role, Access Profile or Entitlement being requested.' + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: | + Comment provided by requester. + * Comment is required when the request is of type Revoke Access. + example: Requesting access profile for John Doe + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. + removeDate: + type: string + description: | + The date the role or access profile is no longer assigned to the specified identity. + * Specify a date in the future. + * The current SLA for the deprovisioning is 24 hours. + * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. + * Currently it is not supported for entitlements. + * If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements. + format: date-time + example: '2020-07-11T21:23:15.000Z' + required: + - id + - type + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities. + required: + - requestedFor + - requestedItems + AccessRequestItem: + type: object + properties: + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: The type of the item being requested. + example: ACCESS_PROFILE + id: + type: string + description: 'ID of Role, Access Profile or Entitlement being requested.' + example: 2c9180835d2e5168015d32f890ca1581 + comment: + type: string + description: | + Comment provided by requester. + * Comment is required when the request is of type Revoke Access. + example: Requesting access profile for John Doe + clientMetadata: + type: object + additionalProperties: + type: string + example: + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + requestedAppName: test-app + example: + requestedAppName: test-app + requestedAppId: 2c91808f7892918f0178b78da4a305a1 + description: Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities and /access-request-status. + removeDate: + type: string + description: | + The date the role or access profile is no longer assigned to the specified identity. + * Specify a date in the future. + * The current SLA for the deprovisioning is 24 hours. + * This date can be modified to either extend or decrease the duration of access item assignments for the specified identity. + * Currently it is not supported for entitlements. + * If sunset date for role or access profile specified, removeDate cannot be established. This rule doesn't apply for entitlements. + format: date-time + example: '2020-07-11T21:23:15.000Z' + required: + - id + - type + AccessProfileDocument: + description: 'This is more of a complete representation of an access profile. ' + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + entitlementCount: + type: integer + example: 5 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + AccessProfileSummary: + description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + AccessReviewReassignment: + type: object + properties: + reassign: + type: array + items: + type: object + properties: + id: + type: string + description: The ID of item or identity being reassigned. + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + description: The type of item or identity being reassigned. + enum: + - TARGET_SUMMARY + - ITEM + - IDENTITY_SUMMARY + example: ITEM + required: + - id + - type + reassignTo: + type: string + description: The ID of the identity to which the certification is reassigned + example: ef38f94347e94562b5bb8424a56397d8 + reason: + type: string + description: The reason comment for why the reassign was made + example: reassigned for some reason + required: + - reassign + - reassignTo + - reason + Account: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + properties: + sourceId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + identityId: + type: string + example: 2c9180835d2e5168015d32f890ca1581 + attributes: + type: object + additionalProperties: true + example: + firstName: SailPoint + lastName: Support + displayName: SailPoint Support + authoritative: + type: boolean + description: Indicates if this account is from an authoritative source + example: false + description: + type: string + description: A description of the account + nullable: true + example: null + disabled: + type: boolean + description: Indicates if the account is currently disabled + example: false + locked: + type: boolean + description: Indicates if the account is currently locked + example: false + nativeIdentity: + type: string + example: '552775' + systemAccount: + type: boolean + example: false + uncorrelated: + type: boolean + description: Indicates if this account is not correlated to an identity + example: false + uuid: + type: string + description: The unique ID of the account as determined by the account schema + example: slpt.support + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + hasEntitlements: + type: boolean + description: Indicates if the account has entitlements + example: true + AccountActivity: + type: object + properties: + id: + type: string + description: Id of the account activity + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: The name of the activity + example: 2c9180835d2e5168015d32f890ca1581 + created: + description: When the activity was first created + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + modified: + description: When the activity was last modified + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + nullable: true + completed: + description: When the activity was completed + type: string + format: date-time + nullable: true + example: '2018-10-19T13:49:37.385Z' + completionStatus: + nullable: true + type: string + description: The status after completion. + enum: + - SUCCESS + - FAILURE + - INCOMPLETE + - PENDING + example: SUCCESS + type: + nullable: true + type: string + example: appRequest + description: | + The type of action the activity performed. Please see the following list of types. This list may grow over time. + + - CloudAutomated + - IdentityAttributeUpdate + - appRequest + - LifecycleStateChange + - AccountStateUpdate + - AccountAttributeUpdate + - CloudPasswordRequest + - Attribute Synchronization Refresh + - Certification + - Identity Refresh + - Lifecycle Change Refresh + + + [Learn more here](https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data). + requesterIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + targetIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + errors: + nullable: true + description: 'A list of error messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds.' + warnings: + nullable: true + description: 'A list of warning messages, if any, that were encountered.' + type: array + items: + type: string + example: + - 'Some warning, another warning' + items: + type: array + description: Individual actions performed as part of this account activity + items: + type: object + properties: + id: + type: string + description: Item id + example: 48c545831b264409a81befcabb0e3c5a + name: + type: string + description: Human-readable display name of item + example: 48c545831b264409a81befcabb0e3c5a + requested: + type: string + format: date-time + description: Date and time item was requested + example: '2017-07-11T18:45:37.098Z' + approvalStatus: + nullable: true + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + provisioningStatus: + type: string + enum: + - PENDING + - FINISHED + - UNVERIFIABLE + - COMMITED + - FAILED + - RETRY + description: Provisioning state of an account activity item + example: PENDING + requesterComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + reviewerIdentitySummary: + type: object + nullable: true + properties: + id: + type: string + description: ID of this identity summary + example: ff80818155fe8c080155fe8d925b0316 + name: + type: string + description: Human-readable display name of identity + example: SailPoint Services + identityId: + type: string + description: ID of the identity that this summary represents + example: c15b9f5cca5a4e9599eaa0e64fa921bd + completed: + type: boolean + description: Indicates if all access items for this summary have been decided on + example: true + reviewerComment: + type: object + nullable: true + properties: + commenterId: + type: string + description: Id of the identity making the comment + example: 2c918084660f45d6016617daa9210584 + commenterName: + type: string + description: Human-readable display name of the identity making the comment + example: Adam Kennedy + body: + type: string + description: Content of the comment + example: Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat. + date: + type: string + format: date-time + description: Date and time comment was made + example: '2017-07-11T18:45:37.098Z' + operation: + nullable: true + type: string + enum: + - ADD + - CREATE + - MODIFY + - DELETE + - DISABLE + - ENABLE + - UNLOCK + - LOCK + - REMOVE + description: Represents an operation in an account activity item + example: ADD + attribute: + type: string + description: Attribute to which account activity applies + nullable: true + example: detectedRoles + value: + type: string + description: Value of attribute + nullable: true + example: 'Treasury Analyst [AccessProfile-1529010191212]' + nativeIdentity: + nullable: true + type: string + description: Native identity in the target system to which the account activity applies + example: Sandie.Camero + sourceId: + type: string + description: Id of Source to which account activity applies + example: 2c91808363ef85290164000587130c0c + accountRequestInfo: + type: object + nullable: true + properties: + requestedObjectId: + type: string + description: Id of requested object + example: 2c91808563ef85690164001c31140c0c + requestedObjectName: + type: string + description: Human-readable name of requested object + example: Treasury Analyst + requestedObjectType: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + description: 'If an account activity item is associated with an access request, captures details of that request.' + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request item' + example: + customKey1: custom value 1 + customKey2: custom value 2 + removeDate: + nullable: true + type: string + description: The date the role or access profile is no longer assigned to the specified identity. + format: date-time + example: '2020-07-11T00:00:00Z' + executionStatus: + type: string + description: The current state of execution. + enum: + - EXECUTING + - VERIFYING + - TERMINATED + - COMPLETED + example: COMPLETED + clientMetadata: + nullable: true + type: object + additionalProperties: + type: string + description: 'Arbitrary key-value pairs, if any were included in the corresponding access request' + example: + customKey1: custom value 1 + customKey2: custom value 2 + AccountActivitySearchedItem: + description: AccountActivity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + action: + type: string + description: The type of action that this activity performed + externalDocs: + description: Learn more about account activity action types + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data' + example: Identity Refresh. + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + description: The current stage of the activity + example: Completed + origin: + type: string + nullable: true + example: null + status: + type: string + description: the current status of the activity + example: Complete + requester: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + recipient: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + trackingNumber: + type: string + example: 61aad0c9e8134eca89e76a35e0cabe3f + errors: + type: array + items: + type: string + nullable: true + example: null + warnings: + type: array + items: + type: string + nullable: true + example: null + approvals: + type: array + items: + type: object + properties: + comments: + type: array + items: + type: object + properties: + comment: + type: string + description: The comment text + example: This request was autoapproved by our automated ETS subscriber. + commenter: + type: string + description: The name of the commenter + example: Automated AR Approval + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: string + description: The result of the approval + example: Finished + type: + type: string + nullable: true + example: null + originalRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: the account id + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + description: the operation that was used + example: add + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + expansionItems: + type: array + items: + type: object + properties: + accountId: + type: string + description: The ID of the account + example: 2c91808981f58ea601821c3e93482e6f + cause: + type: string + example: Role + name: + type: string + description: The name of the item + example: smartsheet-role + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + accountRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: Unique ID of the account + example: John.Doe + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + example: Modify + description: The operation that was performed + provisioningTarget: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: object + properties: + errors: + type: array + items: + type: string + example: |- + [ConnectorError] [ + { + "code": "unrecognized_keys", + "keys": [ + "groups" + ], + "path": [], + "message": "Unrecognized key(s) in object: 'groups'" + } + ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) + status: + type: string + description: The status of the account request + example: failed + ticketId: + type: string + nullable: true + example: null + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + sources: + type: string + example: 'smartsheet-test, airtable-v4, IdentityNow' + AccountAttributes: + type: object + required: + - attributes + properties: + attributes: + description: The schema attribute values for the account + type: object + additionalProperties: true + example: + city: Austin + displayName: John Doe + userName: jdoe + sAMAccountName: jDoe + mail: john.doe@sailpoint.com + AccountDocument: + description: Account + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + firstName: John + lastName: Doe + displayName: John.Doe + identity: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + access: + type: array + items: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + entitlementCount: + type: integer + description: The number of entitlements assigned to the account + format: int32 + example: 2 + uncorrelated: + type: boolean + description: Indicates if the account is not correlated to an identity + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + AccountsAsyncResult: + description: Accounts async response containing details on started async process + required: + - id + type: object + properties: + id: + description: id of the task + type: string + example: 2c91808474683da6017468693c260195 + AccountToggleRequest: + description: Request used for account enable/disable + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated. Providing ''true'' for an unlocked account will add and process ''Unlock'' operation by the workflow.' + type: boolean + example: false + AccountUnlockRequest: + description: Request used for account unlock + type: object + properties: + externalVerificationId: + description: 'If set, an external process validates that the user wants to proceed with this request.' + type: string + example: 3f9180835d2e5168015d32f890ca1581 + unlockIDNAccount: + description: 'If set, the IDN account is unlocked after the workflow completes.' + type: boolean + example: false + forceProvisioning: + description: 'If set, provisioning updates the account attribute at the source. This option is used when the account is not synced to ensure the attribute is updated.' + type: boolean + example: false + Aggregation: + description: Aggregation + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + status: + type: string + example: Success + duration: + type: integer + format: int32 + example: 20 + avgDuration: + type: integer + format: int32 + example: 20 + changedAccounts: + type: integer + format: int32 + example: 1 + nextScheduled: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + startTime: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + sourceOwner: + type: string + description: John Doe + ApprovalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + Campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + Certification: + type: object + properties: + id: + example: 2c9180835d2e5168015d32f890ca1581 + type: string + description: id of the certification + name: + example: 'Source Owner Access Review for Employees [source]' + type: string + description: name of the certification + campaign: + type: object + required: + - id + - name + - type + - campaignType + - description + properties: + id: + type: string + description: The unique ID of the campaign. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the campaign. + example: Campaign Name + type: + type: string + enum: + - CAMPAIGN + description: The type of object that is being referenced. + example: CAMPAIGN + campaignType: + type: string + enum: + - MANAGER + - SOURCE_OWNER + - SEARCH + description: The type of the campaign. + example: MANAGER + description: + type: string + description: The description of the campaign set by the admin who created it. + nullable: true + example: A description of the campaign + completed: + type: boolean + description: Have all decisions been made? + example: true + identitiesCompleted: + type: integer + description: The number of identities for whom all decisions have been made and are complete. + example: 5 + format: int32 + identitiesTotal: + type: integer + description: 'The total number of identities in the Certification, both complete and incomplete.' + example: 10 + format: int32 + created: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: created date + modified: + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: modified date + decisionsMade: + type: integer + description: The number of approve/revoke/acknowledge decisions that have been made. + example: 20 + format: int32 + decisionsTotal: + type: integer + description: The total number of approve/revoke/acknowledge decisions. + example: 40 + format: int32 + due: + type: string + format: date-time + description: The due date of the certification. + example: '2018-10-19T13:49:37.385Z' + signed: + type: string + format: date-time + nullable: true + description: The date the reviewer signed off on the Certification. + example: '2018-10-19T13:49:37.385Z' + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + hasErrors: + description: Identifies if the certification has an error + type: boolean + example: false + errorMessage: + description: Description of the certification error + nullable: true + type: string + example: The certification has an error + phase: + type: string + description: | + The current phase of the campaign. + * `STAGED`: The campaign is waiting to be activated. + * `ACTIVE`: The campaign is active. + * `SIGNED`: The reviewer has signed off on the campaign, and it is considered complete. + enum: + - STAGED + - ACTIVE + - SIGNED + example: ACTIVE + CertificationReference: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + EntitlementDocument: + description: Entitlement + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + displayName: + type: string + description: The display name of the entitlement + example: Admin + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + identityCount: + type: integer + format: int32 + example: 3 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + EntitlementSummary: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + Event: + description: Event + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + action: + type: string + description: The action that was performed + example: update + type: + type: string + description: The type of event + example: SYSTEM_CONFIG + actor: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + target: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + stack: + type: string + example: tpe + trackingNumber: + type: string + example: 63f891e0735f4cc8bf1968144a1e7440 + ipAddress: + type: string + example: 52.52.97.85 + details: + type: string + example: 73b65dfbed1842548c207432a18c84b0 + attributes: + type: object + additionalProperties: true + example: + pod: stg03-useast1 + org: acme + sourceName: SailPoint + objects: + type: array + items: + type: string + example: AUTHENTICATION + operation: + type: string + example: REQUEST + status: + type: string + example: PASSED + technicalName: + type: string + example: AUTHENTICATION_REQUEST_PASSED + IdentityDocument: + description: Identity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + firstName: + type: string + description: The first name of the identity + example: Carol + lastName: + type: string + description: The last name of the identity + example: Adams + displayName: + type: string + example: Carol.Adams + description: The display name of the identity + email: + type: string + description: The identity's primary email address + example: Carol.Adams@sailpointdemo.com + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + phone: + type: string + description: The phone number of the identity + example: +1 440-527-3672 + inactive: + type: boolean + description: Indicates if the identity is inactive + example: false + protected: + type: boolean + example: false + status: + type: string + description: The identity's status in SailPoint + example: UNREGISTERED + employeeNumber: + type: string + example: 1a2a3d4e + manager: + nullable: true + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + isManager: + type: boolean + description: Indicates if this identity is a manager of other identities + example: false + identityProfile: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + country: US + firstname: Carol + cloudStatus: UNREGISTERED + processingState: + type: string + nullable: true + example: null + processingDetails: + nullable: true + type: object + properties: + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + example: In Process + retryCount: + type: integer + example: 0 + format: int32 + stackTrace: + type: string + example: + message: + type: string + example: + accounts: + type: array + description: List of accounts associated with the identity + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + accountCount: + type: integer + description: Number of accounts associated with the identity + format: int32 + example: 3 + apps: + type: array + description: The list of applications the identity has access to + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + account: + type: object + properties: + id: + type: string + description: The SailPoint generated unique ID + example: 2c9180837dfe6949017e21f3d8cd6d49 + accountId: + type: string + description: The account ID generated by the source + example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + appCount: + type: integer + format: int32 + description: The number of applications the identity has access to + example: 2 + access: + type: array + description: The list of access items assigned to the identity + items: + discriminator: + propertyName: type + mapping: + ACCESS_PROFILE: ../access/AccessProfileSummary.yaml + ENTITLEMENT: ../access/AccessProfileEntitlement.yaml + ROLE: ../access/AccessProfileRole.yaml + oneOf: + - description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + - description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + - description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + accessCount: + type: integer + format: int32 + description: The number of access items assigned to the identity + example: 5 + accessProfileCount: + type: integer + description: The number of access profiles assigned to the identity + example: 1 + entitlementCount: + type: integer + description: The number of entitlements assigned to the identity + example: 10 + roleCount: + type: integer + description: The number of roles assigned to the identity + example: 1 + owns: + type: object + properties: + sources: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + roles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + apps: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + governanceGroups: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + fallbackApprover: + type: boolean + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + IdentityProfile: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + required: + - authoritativeSource + properties: + description: + type: string + description: The description of the Identity Profile. + example: My custom flat file profile + nullable: true + owner: + type: object + description: The owner of the Identity Profile. + nullable: true + properties: + type: + type: string + enum: + - IDENTITY + description: Type of the object to which this reference applies + example: IDENTITY + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: William Wilson + priority: + type: integer + format: int64 + description: The priority for an Identity Profile. + example: 10 + authoritativeSource: + type: object + properties: + type: + type: string + enum: + - SOURCE + description: Type of the object to which this reference applies + example: SOURCE + id: + type: string + description: ID of the object to which this reference applies + example: 2c9180835d191a86015d28455b4b232a + name: + type: string + description: Human-readable display name of the object to which this reference applies + example: HR Active Directory + identityRefreshRequired: + type: boolean + description: True if a identity refresh is needed. Typically triggered when a change on the source has been made. + example: true + identityCount: + type: integer + description: The number of identities that belong to the Identity Profile. + format: int32 + example: 8 + identityAttributeConfig: + type: object + description: Defines all the identity attribute mapping configurations. This defines how to generate or collect data for each identity attributes in identity refresh process. + properties: + enabled: + description: The backend will only promote values if the profile/mapping is enabled. + type: boolean + example: true + attributeTransforms: + type: array + items: + type: object + description: Defines a transformation definition for an identity attribute. + properties: + identityAttributeName: + type: string + description: Name of the identity attribute. + example: email + transformDefinition: + description: The seaspray transformation definition. + type: object + properties: + type: + type: string + description: The type of the transform definition. + example: accountAttribute + attributes: + type: object + additionalProperties: + anyOf: + - type: string + - type: object + description: Arbitrary key-value pairs to store any metadata for the object + example: + attributeName: e-mail + sourceName: MySource + sourceId: 2c9180877a826e68017a8c0b03da1a53 + identityExceptionReportReference: + type: object + nullable: true + properties: + taskResultId: + type: string + format: uuid + description: The id of the task result. + example: 2b838de9-db9b-abcf-e646-d4f274ad4238 + reportName: + type: string + example: My annual report + description: The name of the report. + hasTimeBasedAttr: + description: Indicates the value of requiresPeriodicRefresh attribute for the Identity Profile. + type: boolean + example: true + IdentityReferenceWithNameAndEmail: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + ProvisioningConfig: + type: object + description: Specification of a Service Desk integration provisioning configuration. + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + ProvisioningPolicy: + type: object + required: + - name + properties: + name: + type: string + description: the provisioning policy name + example: example provisioning policy for inactive identities + description: + type: string + description: the description of the provisioning policy + example: this provisioning policy creates access based on an identity going inactive + usageType: + type: string + nullable: false + enum: + - CREATE + - UPDATE + - DELETE + - ASSIGN + - UNASSIGN + - CREATE_GROUP + - UPDATE_GROUP + - DELETE_GROUP + - REGISTER + - CREATE_IDENTITY + - UPDATE_IDENTITY + - EDIT_GROUP + - ENABLE + - DISABLE + - UNLOCK + - CHANGE_PASSWORD + example: CREATE + description: The type of ProvisioningPolicy usage. + fields: + type: array + items: + type: object + properties: + name: + type: string + description: The name of the attribute. + example: userName + transform: + type: object + description: The transform to apply to the field + example: + type: rule + attributes: + name: Create Unique LDAP Attribute + default: {} + attributes: + type: object + description: Attributes required for the transform + example: + template: '${firstname}.${lastname}${uniqueCounter}' + cloudMaxUniqueChecks: '50' + cloudMaxSize: '20' + cloudRequired: 'true' + isRequired: + type: boolean + readOnly: true + description: Flag indicating whether or not the attribute is required. + default: false + example: false + type: + type: string + description: The type of the attribute. + example: string + isMultiValued: + type: boolean + description: Flag indicating whether or not the attribute is multi-valued. + default: false + example: false + QueuedCheckConfigDetails: + description: Configuration of maximum number days and interval for checking Service Desk integration queue status + required: + - provisioningStatusCheckIntervalMinutes + - provisioningMaxStatusCheckDays + type: object + properties: + provisioningStatusCheckIntervalMinutes: + description: interval in minutes between status checks + type: string + example: '30' + provisioningMaxStatusCheckDays: + description: maximum number of days to check + type: string + example: '2' + Reassignment: + type: object + nullable: true + properties: + from: + type: object + properties: + id: + type: string + description: The id of the certification. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the certification. + example: Certification Name + type: + type: string + enum: + - CERTIFICATION + example: CERTIFICATION + reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + comment: + type: string + description: The comment entered when the Certification was reassigned + example: Reassigned for a reason + ReassignmentReference: + type: object + properties: + id: + type: string + description: The ID of item or identity being reassigned. + example: ef38f94347e94562b5bb8424a56397d8 + type: + type: string + description: The type of item or identity being reassigned. + enum: + - TARGET_SUMMARY + - ITEM + - IDENTITY_SUMMARY + example: ITEM + required: + - id + - type + RemediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + RequestableObject: + type: object + properties: + id: + type: string + description: Id of the requestable object itself + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Human-readable display name of the requestable object + example: Applied Research Access + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: The time when the requestable object was created + modified: + nullable: true + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: The time when the requestable object was last modified + description: + type: string + description: Description of the requestable object. + example: 'Access to research information, lab results, and schematics.' + type: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + requestStatus: + type: string + enum: + - AVAILABLE + - PENDING + - ASSIGNED + description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.' + example: AVAILABLE + identityRequestId: + type: string + description: 'If *requestStatus* is *PENDING*, indicates the id of the associated account activity.' + nullable: true + example: null + ownerRef: + type: object + nullable: true + properties: + type: + type: string + description: The type can only be IDENTITY. This is read-only + example: IDENTITY + id: + type: string + description: Identity id. + example: 5168015d32f890ca15812c9180835d2e + name: + type: string + description: Human-readable display name of identity. This is read-only + example: Alison Ferguso + email: + type: string + description: Email address of identity. This is read-only + example: alison.ferguso@identitysoon.com + requestCommentsRequired: + type: boolean + description: Whether the requester must provide comments when requesting the object. + example: false + RequestableObjectType: + type: string + enum: + - ACCESS_PROFILE + - ROLE + - ENTITLEMENT + description: Enum represented the currently supported requestable object types. Additional values may be added in the future without notice. + example: ACCESS_PROFILE + RequestableObjectRequestStatus: + type: string + enum: + - AVAILABLE + - PENDING + - ASSIGNED + description: 'Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by *identity-id*. *AVAILABLE* indicates the object is available to request. *PENDING* indicates the object is unavailable because the identity has a pending request in flight. *ASSIGNED* indicates the object is unavailable because the identity already has the indicated role or access profile. If *identity-id* is not specified (allowed only for admin users), then status will be *AVAILABLE* for all results.' + example: AVAILABLE + Reviewer: + type: object + properties: + id: + type: string + description: The id of the reviewer. + example: ef38f94347e94562b5bb8424a56397d8 + name: + type: string + description: The name of the reviewer. + example: Reviewer Name + email: + type: string + description: The email of the reviewing identity. + example: reviewer@test.com + type: + type: string + enum: + - IDENTITY + description: The type of the reviewing identity. + example: IDENTITY + created: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The created date of the reviewing identity. + modified: + nullable: true + example: '2018-06-25T20:22:28.104Z' + format: date-time + type: string + description: The modified date of the reviewing identity. + RoleDocument: + description: Role + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfileCount: + type: integer + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + RoleSummary: + description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + SearchDocument: + discriminator: + propertyName: _type + mapping: + accessprofile: ../model/access/profile/AccessProfileDocument.yaml + accountactivity: ../model/account/activity/AccountActivityDocument.yaml + account: ../model/account/AccountDocument.yaml + aggregation: ../model/aggregation/AggregationDocument.yaml + entitlement: ../model/entitlement/EntitlementDocument.yaml + event: ../model/event/EventDocument.yaml + identity: ../model/identity/IdentityDocument.yaml + role: ../model/role/RoleDocument.yaml + oneOf: + - description: 'This is more of a complete representation of an access profile. ' + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + entitlementCount: + type: integer + example: 5 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: AccountActivity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + action: + type: string + description: The type of action that this activity performed + externalDocs: + description: Learn more about account activity action types + url: 'https://documentation.sailpoint.com/saas/help/search/searchable-fields.html#searching-account-activity-data' + example: Identity Refresh. + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + description: The current stage of the activity + example: Completed + origin: + type: string + nullable: true + example: null + status: + type: string + description: the current status of the activity + example: Complete + requester: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + recipient: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + trackingNumber: + type: string + example: 61aad0c9e8134eca89e76a35e0cabe3f + errors: + type: array + items: + type: string + nullable: true + example: null + warnings: + type: array + items: + type: string + nullable: true + example: null + approvals: + type: array + items: + type: object + properties: + comments: + type: array + items: + type: object + properties: + comment: + type: string + description: The comment text + example: This request was autoapproved by our automated ETS subscriber. + commenter: + type: string + description: The name of the commenter + example: Automated AR Approval + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: string + description: The result of the approval + example: Finished + type: + type: string + nullable: true + example: null + originalRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: the account id + example: 'CN=Abby Smith,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com' + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + description: the operation that was used + example: add + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + expansionItems: + type: array + items: + type: object + properties: + accountId: + type: string + description: The ID of the account + example: 2c91808981f58ea601821c3e93482e6f + cause: + type: string + example: Role + name: + type: string + description: The name of the item + example: smartsheet-role + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + accountRequests: + type: array + items: + type: object + properties: + accountId: + type: string + description: Unique ID of the account + example: John.Doe + attributeRequests: + type: array + items: + type: object + properties: + name: + type: string + description: The attribute name + example: groups + op: + type: string + description: The operation to perform + example: Add + value: + type: string + description: The value of the attribute + example: '3203537556531076' + op: + type: string + example: Modify + description: The operation that was performed + provisioningTarget: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + result: + type: object + properties: + errors: + type: array + items: + type: string + example: |- + [ConnectorError] [ + { + "code": "unrecognized_keys", + "keys": [ + "groups" + ], + "path": [], + "message": "Unrecognized key(s) in object: 'groups'" + } + ] (requestId: 5e9d6df5-9b1b-47d9-9bf1-dc3a2893299e) + status: + type: string + description: The status of the account request + example: failed + ticketId: + type: string + nullable: true + example: null + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + sources: + type: string + example: 'smartsheet-test, airtable-v4, IdentityNow' + - description: Account + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + firstName: John + lastName: Doe + displayName: John.Doe + identity: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + access: + type: array + items: + description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + entitlementCount: + type: integer + description: The number of entitlements assigned to the account + format: int32 + example: 2 + uncorrelated: + type: boolean + description: Indicates if the account is not correlated to an identity + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Aggregation + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + status: + type: string + example: Success + duration: + type: integer + format: int32 + example: 20 + avgDuration: + type: integer + format: int32 + example: 20 + changedAccounts: + type: integer + format: int32 + example: 1 + nextScheduled: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + startTime: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + sourceOwner: + type: string + description: John Doe + - description: Entitlement + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: A description of the entitlement + example: The admin privilege + attribute: + type: string + description: The name of the entitlement attribute + example: admin + value: + type: string + description: The value of the entitlement + example: 'true' + - type: object + properties: + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + displayName: + type: string + description: The display name of the entitlement + example: Admin + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + identityCount: + type: integer + format: int32 + example: 3 + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Event + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - type: object + properties: + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + action: + type: string + description: The action that was performed + example: update + type: + type: string + description: The type of event + example: SYSTEM_CONFIG + actor: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + target: + type: object + properties: + name: + type: string + example: John Doe + description: the actor or target name + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + stack: + type: string + example: tpe + trackingNumber: + type: string + example: 63f891e0735f4cc8bf1968144a1e7440 + ipAddress: + type: string + example: 52.52.97.85 + details: + type: string + example: 73b65dfbed1842548c207432a18c84b0 + attributes: + type: object + additionalProperties: true + example: + pod: stg03-useast1 + org: acme + sourceName: SailPoint + objects: + type: array + items: + type: string + example: AUTHENTICATION + operation: + type: string + example: REQUEST + status: + type: string + example: PASSED + technicalName: + type: string + example: AUTHENTICATION_REQUEST_PASSED + - description: Identity + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + firstName: + type: string + description: The first name of the identity + example: Carol + lastName: + type: string + description: The last name of the identity + example: Adams + displayName: + type: string + example: Carol.Adams + description: The display name of the identity + email: + type: string + description: The identity's primary email address + example: Carol.Adams@sailpointdemo.com + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + phone: + type: string + description: The phone number of the identity + example: +1 440-527-3672 + inactive: + type: boolean + description: Indicates if the identity is inactive + example: false + protected: + type: boolean + example: false + status: + type: string + description: The identity's status in SailPoint + example: UNREGISTERED + employeeNumber: + type: string + example: 1a2a3d4e + manager: + nullable: true + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + isManager: + type: boolean + description: Indicates if this identity is a manager of other identities + example: false + identityProfile: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + attributes: + type: object + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + country: US + firstname: Carol + cloudStatus: UNREGISTERED + processingState: + type: string + nullable: true + example: null + processingDetails: + nullable: true + type: object + properties: + date: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + stage: + type: string + example: In Process + retryCount: + type: integer + example: 0 + format: int32 + stackTrace: + type: string + example: + message: + type: string + example: + accounts: + type: array + description: List of accounts associated with the identity + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + accountId: + type: string + description: The ID of the account + example: john.doe + source: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + example: Delimited File + description: the type of source returned + disabled: + type: boolean + description: Indicates if the account is disabled + example: false + locked: + type: boolean + description: Indicates if the account is locked + example: false + privileged: + type: boolean + example: false + manuallyCorrelated: + type: boolean + description: Indicates if the account has been manually correlated to an identity + example: false + passwordLastSet: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + entitlementAttributes: + type: object + nullable: true + description: a map or dictionary of key/value pairs + additionalProperties: true + example: + moderator: true + admin: true + trust_level: '4' + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + accountCount: + type: integer + description: Number of accounts associated with the identity + format: int32 + example: 3 + apps: + type: array + description: The list of applications the identity has access to + items: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + account: + type: object + properties: + id: + type: string + description: The SailPoint generated unique ID + example: 2c9180837dfe6949017e21f3d8cd6d49 + accountId: + type: string + description: The account ID generated by the source + example: 'CN=Carol Adams,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + appCount: + type: integer + format: int32 + description: The number of applications the identity has access to + example: 2 + access: + type: array + description: The list of access items assigned to the identity + items: + discriminator: + propertyName: type + mapping: + ACCESS_PROFILE: ../access/AccessProfileSummary.yaml + ENTITLEMENT: ../access/AccessProfileEntitlement.yaml + ROLE: ../access/AccessProfileRole.yaml + oneOf: + - description: This is a summary representation of an access profile. + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + revocable: + type: boolean + example: true + - description: EntitlementReference + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + source: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + privileged: + type: boolean + example: false + attribute: + type: string + example: memberOf + value: + type: string + example: 'CN=Buyer,OU=Groups,OU=Demo,DC=seri,DC=sailpointdemo,DC=com' + standalone: + type: boolean + example: false + - description: Role + allOf: + - allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + description: + type: string + nullable: true + example: null + - type: object + properties: + owner: + allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + displayName: + type: string + example: John Q. Doe + disabled: + type: boolean + revocable: + type: boolean + accessCount: + type: integer + format: int32 + description: The number of access items assigned to the identity + example: 5 + accessProfileCount: + type: integer + description: The number of access profiles assigned to the identity + example: 1 + entitlementCount: + type: integer + description: The number of entitlements assigned to the identity + example: 10 + roleCount: + type: integer + description: The number of roles assigned to the identity + example: 1 + owns: + type: object + properties: + sources: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + entitlements: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + roles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + apps: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + governanceGroups: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + fallbackApprover: + type: boolean + example: false + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + - description: Role + allOf: + - type: object + required: + - id + - name + - _type + properties: + id: + type: string + example: 2c91808375d8e80a0175e1f88a575222 + name: + type: string + example: john.doe + _type: + description: |- + Enum representing the currently supported document types. + + Additional values may be added in the future without notice. + type: string + enum: + - accessprofile + - accountactivity + - account + - aggregation + - entitlement + - event + - identity + - role + example: identity + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + description: + type: string + description: The description of the access item + example: The admin role + created: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + modified: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + synced: + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + enabled: + type: boolean + example: true + requestable: + type: boolean + example: true + description: Indicates if the access can be requested + requestCommentsRequired: + type: boolean + description: Indicates if comments are required when requesting access + example: false + owner: + allOf: + - allOf: + - type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + - type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + - type: object + properties: + email: + type: string + example: john.doe@sailpoint.com + description: The email of the identity + - type: object + properties: + accessProfiles: + type: array + items: + type: object + properties: + id: + type: string + example: 2c91808568c529c60168cca6f90c1313 + description: The unique ID of the referenced object. + name: + type: string + example: John Doe + description: The human readable name of the referenced object. + accessProfileCount: + type: integer + tags: + type: array + items: + type: string + example: + - TAG_1 + - TAG_2 + SavedSearch: + type: object + allOf: + - type: object + properties: + id: + description: | + The saved search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + owner: + description: | + The owner of the saved search. + type: object + properties: + type: + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + - ACCESS_PROFILE + - ACCESS_REQUEST_APPROVAL + - ACCOUNT + - APPLICATION + - CAMPAIGN + - CAMPAIGN_FILTER + - CERTIFICATION + - CLUSTER + - CONNECTOR_SCHEMA + - ENTITLEMENT + - GOVERNANCE_GROUP + - IDENTITY + - IDENTITY_PROFILE + - IDENTITY_REQUEST + - LIFECYCLE_STATE + - PASSWORD_POLICY + - ROLE + - RULE + - SOD_POLICY + - SOURCE + - TAG_CATEGORY + - TASK_RESULT + - REPORT_RESULT + - SOD_VIOLATION + - ACCOUNT_ACTIVITY + description: An enumeration of the types of DTOs supported within the IdentityNow infrastructure. + example: IDENTITY + id: + description: | + The id of the object. + type: string + example: 2c91808568c529c60168cca6f90c1313 + required: + - type + - id + - type: object + properties: + name: + description: | + The name of the saved search. + type: string + example: Disabled accounts + description: + description: | + The description of the saved search. + type: string + nullable: true + example: Disabled accounts + - type: object + properties: + public: + description: | + Indicates if the saved search is public. + type: boolean + default: false + example: false + created: + description: | + The date the saved search was initially created. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + modified: + description: | + The last date the saved search was modified. + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + indices: + description: | + The names of the Elasticsearch indices in which to search. + type: array + items: + description: |- + Enum representing the currently supported indices. + Additional values may be added in the future without notice. + type: string + enum: + - accessprofiles + - accountactivities + - entitlements + - events + - identities + - roles + - '*' + example: identities + example: + - identities + columns: + description: | + The columns to be returned (specifies the order in which they will be presented) for each document type. + + The currently supported document types are: _accessprofile_, _accountactivity_, _account_, _aggregation_, _entitlement_, _event_, _identity_, and _role_. + type: object + additionalProperties: + type: array + items: + type: object + properties: + field: + description: | + The name of the field. + type: string + example: email + header: + description: | + The value of the header. + type: string + example: Work Email + required: + - field + example: + identity: + - field: displayName + header: Display Name + - field: e-mail + header: Work Email + query: + description: | + The search query using Elasticsearch [Query String Query](https://www.elastic.co/guide/en/elasticsearch/reference/5.2/query-dsl-query-string-query.html#query-string) syntax from the Query DSL. + type: string + example: '@accounts(disabled:true)' + fields: + description: | + The fields to be searched against in a multi-field query. + type: array + nullable: true + items: + type: string + example: + - disabled + sort: + description: | + The fields to be used to sort the search results. + type: array + items: + type: string + example: + - displayName + filters: + nullable: true + allOf: + - type: object + description: The filters to be applied for each filtered field name. + example: + attributes.cloudAuthoritativeSource: + type: EXISTS + exclude: true + accessCount: + type: RANGE + range: + lower: + value: '3' + created: + type: RANGE + range: + lower: + value: '2019-12-01' + inclusive: true + upper: + value: '2020-01-01' + source.name: + type: TERMS + terms: + - HR Employees + - Corporate Active Directory + exclude: true + protected: + type: TERMS + terms: + - 'true' + - type: object + properties: + type: + description: |- + Enum representing the currently supported filter types. + Additional values may be added in the future without notice. + type: string + enum: + - EXISTS + - RANGE + - TERMS + example: RANGE + range: + type: object + description: The range of values to be filtered. + properties: + lower: + description: The lower bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + upper: + description: The upper bound of the range. + type: object + required: + - value + properties: + value: + description: The value of the range's endpoint. + type: string + example: '1' + inclusive: + description: Indicates if the endpoint is included in the range. + type: boolean + default: false + example: false + terms: + description: The terms to be filtered. + type: array + items: + type: string + example: account_count + exclude: + description: Indicates if the filter excludes results. + type: boolean + default: false + example: false + required: + - indices + - query + Schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + ScheduledSearch: + type: object + allOf: + - type: object + properties: + id: + description: The scheduled search ID. + type: string + example: 0de46054-fe90-434a-b84e-c6b3359d0c64 + readOnly: true + owner: + description: The owner of the scheduled search + readOnly: true + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + ownerId: + description: | + The ID of the scheduled search owner. + + Please use the `id` in the `owner` object instead. + type: string + example: 2c9180867624cbd7017642d8c8c81f67 + readOnly: true + deprecated: true + - type: object + properties: + name: + description: | + The name of the scheduled search. + type: string + example: Daily disabled accounts + nullable: true + description: + description: | + The description of the scheduled search. + type: string + nullable: true + example: Daily disabled accounts + - type: object + properties: + savedSearchId: + description: The ID of the saved search that will be executed. + type: string + example: 554f1511-f0a1-4744-ab14-599514d3e57c + created: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The date the scheduled search was initially created. + readOnly: true + modified: + allOf: + - type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: A date-time in ISO-8601 format + description: The last date the scheduled search was modified. + readOnly: true + schedule: + type: object + description: The schedule information. + properties: + type: + description: | + Enum representing the currently supported schedule types. + + Additional values may be added in the future without notice. + type: string + enum: + - DAILY + - WEEKLY + - MONTHLY + - CALENDAR + example: WEEKLY + days: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: | + The days to execute the search. + + If `type` is `WEEKLY`, the values will be `MON`, `TUE`, `WED`, `THU`, `FRI`, `SAT`, and `SUN`. + + If `type` is `MONTHLY`, the values will be a number in double quotes, like `"1"`, `"10"`, or `"28"`. Optionally, the value `"L"` can be used to refer to the last day of the month. + example: + type: LIST + values: + - MON + - WED + - FRI + nullable: true + hours: + allOf: + - type: object + properties: + type: + description: | + Enum representing the currently supported selector types. + + LIST - the *values* array contains one or more distinct values. + + RANGE - the *values* array contains two values: the start and end of the range, inclusive. + + Additional values may be added in the future without notice. + type: string + enum: + - LIST + - RANGE + example: LIST + values: + description: | + The selected values. + type: array + items: + type: string + example: + - MON + - WED + interval: + nullable: true + description: | + The selected interval for RANGE selectors. + type: integer + format: int32 + example: 3 + required: + - type + - values + - description: The hours selected. + example: + type: RANGE + values: + - '9' + - '18' + interval: 3 + expiration: + description: 'The schedule expiration date. Latest possible expiration date is ''2038-01-19T03:14:07+0000''' + type: string + nullable: true + format: date-time + example: '2018-06-25T20:22:28.104Z' + timeZoneId: + description: 'The GMT formatted timezone the schedule will run in (ex. GMT-06:00). If no timezone is specified, the org''s default timezone is used.' + nullable: true + type: string + example: 'GMT-06:00' + required: + - type + - hours + recipients: + description: A list of identities that should receive the scheduled search report via email. + type: array + items: + type: object + properties: + type: + type: string + description: The type of object being referenced + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: The ID of the referenced object + example: 2c9180867624cbd7017642d8c8c81f67 + required: + - type + - id + enabled: + description: | + Indicates if the scheduled search is enabled. + type: boolean + default: false + example: false + emailEmptyResults: + description: | + Indicates if email generation should not be suppressed if search returns no results. + type: boolean + default: false + example: false + displayQueryDetails: + description: | + Indicates if the generated email should include the query and search results preview (which could include PII). + type: boolean + default: false + example: false + required: + - savedSearchId + - schedule + - recipients + required: + - id + - owner + - ownerId + ServiceDeskIntegrationDto: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: Specification of a Service Desk integration + required: + - description + - type + - attributes + properties: + description: + description: Description of the Service Desk integration + type: string + example: A very nice Service Desk integration + type: + description: | + Service Desk integration types + + - ServiceNowSDIM + - ServiceNow + type: string + default: ServiceNowSDIM + example: ServiceNowSDIM + ownerRef: + description: Reference to the identity that is the owner of this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + clusterRef: + description: Reference to the source cluster for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + cluster: + description: 'ID of the cluster for the Service Desk integration (replaced by clusterRef, retained for backward compatibility)' + type: string + example: xyzzy999 + deprecated: true + managedSources: + description: 'Source IDs for the Service Desk integration (replaced by provisioningConfig.managedSResourceRefs, but retained here for backward compatibility)' + type: array + items: + type: string + deprecated: true + example: + - 2c9180835d191a86015d28455b4a2329 + - 2c5680835d191a85765d28455b4a9823 + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + attributes: + description: Attributes of the Service Desk integration. Validation constraints enforced by the implementation. + type: object + additionalProperties: true + example: + property: value + key: value + beforeProvisioningRule: + description: Reference to beforeProvisioningRule for this Service Desk integration + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c91808568c529c60168cca6f90c1333 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + ServiceDeskIntegrationTemplateDto: + allOf: + - type: object + required: + - name + properties: + id: + description: System-generated unique ID of the Object + type: string + example: id12345 + readOnly: true + name: + description: Name of the Object + type: string + example: aName + created: + description: Creation date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + modified: + description: Last modification date of the Object + type: string + example: '2015-05-28T14:07:17Z' + format: date-time + readOnly: true + - type: object + description: 'This is the model for a Service Desk integration template, used to create and edit Service Desk Integrations.' + required: + - type + - attributes + - provisioningConfig + properties: + type: + description: The 'type' property specifies the type of the Service Desk integration template. + type: string + example: Web Service SDIM + default: Web Service SDIM + attributes: + description: The 'attributes' property value is a map of attributes available for integrations using this Service Desk integration template. + type: object + additionalProperties: true + example: + property: value + key: value + provisioningConfig: + description: The 'provisioningConfig' property specifies the configuration used to provision integrations using the template. + type: object + properties: + universalManager: + description: 'Specifies whether this configuration is used to manage provisioning requests for all sources from the org. If true, no managedResourceRefs are allowed.' + type: boolean + readOnly: true + example: true + managedResourceRefs: + description: References to sources for the Service Desk integration template. May only be specified if universalManager is false. + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - SOURCE + example: SOURCE + id: + type: string + description: ID of the source + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the source + example: My Source + example: + - type: SOURCE + id: 2c9180855d191c59015d291ceb051111 + name: My Source 1 + - type: SOURCE + id: 2c9180855d191c59015d291ceb052222 + name: My Source 2 + planInitializerScript: + description: This is a reference to a plan initializer script. + type: object + properties: + source: + description: This is a Rule that allows provisioning instruction changes. + type: string + example: | + \r\n\r\n\r\n Before Provisioning Rule which changes disables and enables to a modify.\r\n + ServiceDeskIntegrationTemplateType: + description: This represents a Service Desk Integration template type. + required: + - type + - scriptName + type: object + properties: + name: + description: This is the name of the type. + example: aName + type: string + type: + description: This is the type value for the type. + example: aType + type: string + scriptName: + description: This is the scriptName attribute value for the type. + example: aScriptName + type: string + Source: + type: object + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + name: + type: string + description: Human-readable name of the source + example: My Source + description: + type: string + description: Human-readable description of the source + example: This is the corporate directory. + owner: + description: Reference to an owning Identity Object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - IDENTITY + example: IDENTITY + id: + type: string + description: ID of the identity + example: 2c91808568c529c60168cca6f90c1313 + name: + type: string + description: Human-readable display name of the identity + example: MyName + cluster: + description: Reference to the associated Cluster + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CLUSTER + example: CLUSTER + id: + type: string + description: ID of the cluster + example: 2c9180866166b5b0016167c32ef31a66 + name: + type: string + description: Human-readable display name of the cluster + example: Corporate Cluster + accountCorrelationConfig: + description: Reference to an Account Correlation Config object + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - ACCOUNT_CORRELATION_CONFIG + example: ACCOUNT_CORRELATION_CONFIG + id: + type: string + description: ID of the account correlation config + example: 2c9180855d191c59015d28583727245a + name: + type: string + description: Human-readable display name of the account correlation config + example: 'Directory [source-62867] Account Correlation' + accountCorrelationRule: + description: 'Reference to a Rule that can do COMPLEX correlation, should only be used when accountCorrelationConfig can''t be used.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + managerCorrelationMapping: + description: Filter Object used during manager correlation to match incoming manager values to an existing manager's Account/Identity + type: object + properties: + accountAttribute: + type: string + description: Name of the attribute to use for manager correlation. The value found on the account attribute will be used to lookup the manager's identity. + example: manager + identityAttribute: + type: string + description: Name of the identity attribute to search when trying to find a manager using the value from the accountAttribute. + example: manager + managerCorrelationRule: + description: 'Reference to the ManagerCorrelationRule, only used when a simple filter isn''t sufficient.' + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + beforeProvisioningRule: + description: Rule that runs on the CCG and allows for customization of provisioning plans before the connector is called. + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - RULE + example: RULE + id: + type: string + description: ID of the rule + example: 2c918085708c274401708c2a8a760001 + name: + type: string + description: Human-readable display name of the rule + example: Example Rule + schemas: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - CONNECTOR_SCHEMA + example: CONNECTOR_SCHEMA + id: + type: string + description: ID of the schema + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the schema + example: MySchema + description: List of references to Schema objects + example: + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232a + name: account + - type: CONNECTOR_SCHEMA + id: 2c9180835d191a86015d28455b4b232b + name: group + passwordPolicies: + type: array + items: + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - PASSWORD_POLICY + example: PASSWORD_POLICY + id: + type: string + description: ID of the policy + example: 2c91808568c529c60168cca6f90c1777 + name: + type: string + description: Human-readable display name of the policy + example: My Password Policy + description: List of references to the associated PasswordPolicy objects. + example: + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb053980 + name: Corporate Password Policy + - type: PASSWORD_POLICY + id: 2c9180855d191c59015d291ceb057777 + name: Vendor Password Policy + features: + type: array + description: Optional features that can be supported by a source. + items: + type: string + enum: + - AUTHENTICATE + - COMPOSITE + - DIRECT_PERMISSIONS + - DISCOVER_SCHEMA + - ENABLE + - MANAGER_LOOKUP + - NO_RANDOM_ACCESS + - PROXY + - SEARCH + - TEMPLATE + - UNLOCK + - UNSTRUCTURED_TARGETS + - SHAREPOINT_TARGET + - PROVISIONING + - GROUP_PROVISIONING + - SYNC_PROVISIONING + - PASSWORD + - CURRENT_PASSWORD + - ACCOUNT_ONLY_REQUEST + - ADDITIONAL_ACCOUNT_REQUEST + - NO_AGGREGATION + - GROUPS_HAVE_MEMBERS + - NO_PERMISSIONS_PROVISIONING + - NO_GROUP_PERMISSIONS_PROVISIONING + - NO_UNSTRUCTURED_TARGETS_PROVISIONING + - NO_DIRECT_PERMISSIONS_PROVISIONING + description: |- + Optional features that can be supported by an source. + * AUTHENTICATE: The source supports pass-through authentication. + * COMPOSITE: The source supports composite source creation. + * DIRECT_PERMISSIONS: The source supports returning DirectPermissions. + * DISCOVER_SCHEMA: The source supports discovering schemas for users and groups. + * ENABLE The source supports reading if an account is enabled or disabled. + * MANAGER_LOOKUP: The source supports looking up managers as they are encountered in a feed. This is the opposite of NO_RANDOM_ACCESS. + * NO_RANDOM_ACCESS: The source does not support random access and the getObject() methods should not be called and expected to perform. + * PROXY: The source can serve as a proxy for another source. When an source has a proxy, all connector calls made with that source are redirected through the connector for the proxy source. + * SEARCH + * TEMPLATE + * UNLOCK: The source supports reading if an account is locked or unlocked. + * UNSTRUCTURED_TARGETS: The source supports returning unstructured Targets. + * SHAREPOINT_TARGET: The source supports returning unstructured Target data for SharePoint. It will be typically used by AD, LDAP sources. + * PROVISIONING: The source can both read and write accounts. Having this feature implies that the provision() method is implemented. It also means that direct and target permissions can also be provisioned if they can be returned by aggregation. + * GROUP_PROVISIONING: The source can both read and write groups. Having this feature implies that the provision() method is implemented. + * SYNC_PROVISIONING: The source can provision accounts synchronously. + * PASSWORD: The source can provision password changes. Since sources can never read passwords, this is should only be used in conjunction with the PROVISIONING feature. + * CURRENT_PASSWORD: Some source types support verification of the current password + * ACCOUNT_ONLY_REQUEST: The source supports requesting accounts without entitlements. + * ADDITIONAL_ACCOUNT_REQUEST: The source supports requesting additional accounts. + * NO_AGGREGATION: A source that does not support aggregation. + * GROUPS_HAVE_MEMBERS: The source models group memberships with a member attribute on the group object rather than a groups attribute on the account object. This effects the implementation of delta account aggregation. + * NO_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for accounts. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for accounts. + * NO_GROUP_PERMISSIONS_PROVISIONING: Indicates that the connector cannot provision direct or target permissions for groups. When DIRECT_PERMISSIONS and PROVISIONING features are present, it is assumed that the connector can also provision direct permissions. This feature disables that assumption and causes permission request to be converted to work items for groups. + * NO_UNSTRUCTURED_TARGETS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + * NO_DIRECT_PERMISSIONS_PROVISIONING: This string will be replaced by NO_GROUP_PERMISSIONS_PROVISIONING and NO_PERMISSIONS_PROVISIONING. + example: AUTHENTICATE + example: + - SYNC_PROVISIONING + - MANAGER_LOOKUP + - SEARCH + - PROVISIONING + - AUTHENTICATE + - GROUP_PROVISIONING + - PASSWORD + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + connector: + type: string + description: Connector script name. + example: active-directory + connectorClass: + type: string + description: The fully qualified name of the Java class that implements the connector interface. + example: sailpoint.connector.LDAPConnector + connectorAttributes: + type: object + description: Connector specific configuration; will differ from type to type. + example: + healthCheckTimeout: 30 + authSearchAttributes: + - cn + - uid + - mail + deleteThreshold: + type: integer + format: int32 + description: Number from 0 to 100 that specifies when to skip the delete phase. + example: 10 + authoritative: + type: boolean + description: When true indicates the source is referenced by an IdentityProfile. + example: false + managementWorkgroup: + description: Reference to Management Workgroup for this Source + type: object + properties: + type: + description: The type of object being referenced + type: string + enum: + - GOVERNANCE_GROUP + example: GOVERNANCE_GROUP + id: + type: string + description: ID of the management workgroup + example: 2c91808568c529c60168cca6f90c2222 + name: + type: string + description: Human-readable display name of the management workgroup + example: My Management Workgroup + healthy: + type: boolean + description: When true indicates a healthy source + example: true + status: + type: string + description: 'A status identifier, giving specific information on why a source is healthy or not' + example: SOURCE_STATE_HEALTHY + since: + type: string + description: Timestamp showing when a source health check was last performed + example: '2021-09-28T15:48:29.3801666300Z' + connectorId: + type: string + description: The id of connector + example: active-directory + connectorName: + type: string + description: The name of the connector that was chosen on source creation + example: Active Directory + connectionType: + type: string + description: The type of connection (direct or file) + example: file + connectorImplementstionId: + type: string + description: The connector implementstion id + example: delimited-file + required: + - name + - owner + - connector + SourceHealthDto: + type: object + description: Dto for source health data + properties: + id: + type: string + readOnly: true + description: the id of the Source + example: 2c91808568c529c60168cca6f90c1324 + type: + type: string + description: 'Specifies the type of system being managed e.g. Active Directory, Workday, etc..' + example: OpenLDAP - Direct + name: + type: string + description: the name of the source + example: Source1234 + org: + type: string + description: source's org + example: denali-cjh + isAuthoritative: + type: boolean + example: false + description: Is the source authoritative + isCluster: + type: boolean + example: false + description: Is the source in a cluster + hostname: + type: string + example: megapod-useast1-secret-hostname.sailpoint.com + description: source's hostname + pod: + type: string + description: source's pod + example: megapod-useast1 + iqServiceVersion: + type: string + description: The version of the iqService + example: iqVersion123 + status: + type: string + enum: + - SOURCE_STATE_ERROR_CLUSTER + - SOURCE_STATE_ERROR_SOURCE + - SOURCE_STATE_ERROR_VA + - SOURCE_STATE_FAILURE_CLUSTER + - SOURCE_STATE_FAILURE_SOURCE + - SOURCE_STATE_HEALTHY + - SOURCE_STATE_UNCHECKED_CLUSTER + - SOURCE_STATE_UNCHECKED_CLUSTER_NO_SOURCES + - SOURCE_STATE_UNCHECKED_SOURCE + - SOURCE_STATE_UNCHECKED_SOURCE_NO_ACCOUNTS + description: connection test result + example: SOURCE_STATE_UNCHECKED_SOURCE + Transform: + type: object + description: The representation of an internally- or customer-defined transform. + required: + - name + - type + - attributes + properties: + id: + type: string + readOnly: true + description: Unique ID of this transform + example: 2cd78adghjkja34jh2b1hkjhasuecd + name: + type: string + description: Unique name of this transform + example: Timestamp To Date + minLength: 1 + maxLength: 50 + type: + type: string + description: The type of transform operation + enum: + - accountAttribute + - base64Decode + - base64Encode + - concat + - conditional + - dateCompare + - dateFormat + - dateMath + - decomposeDiacriticalMarks + - e164phone + - firstValid + - rule + - identityAttribute + - indexOf + - iso3166 + - lastIndexOf + - leftPad + - lookup + - lower + - normalizeNames + - randomAlphaNumeric + - randomNumeric + - reference + - replaceAll + - replace + - rightPad + - split + - static + - substring + - trim + - upper + - usernameGenerator + - uuid + example: dateFormat + externalDocs: + description: Transform Operations + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations' + attributes: + description: Meta-data about the transform. Values in this list are specific to the type of transform to be executed. + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Decode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: base64Encode + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: concat + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of items to join together + example: + - John + - ' ' + - Smith + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: conditional + type: object + required: + - expression + - positiveCondition + - negativeCondition + properties: + expression: + type: string + description: |- + A comparison statement that follows the structure of `ValueA eq ValueB` where `ValueA` and `ValueB` are static strings or outputs of other transforms. + + The `eq` operator is the only valid comparison + example: ValueA eq ValueB + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: 'false' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateCompare + type: object + required: + - firstDate + - secondDate + - operator + - positiveCondition + - negativeCondition + properties: + firstDate: + description: This is the first date to consider (The date that would be on the left hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + secondDate: + description: This is the second date to consider (The date that would be on the right hand side of the comparison operation). + oneOf: + - title: accountAttribute + type: object + required: + - sourceName + - attributeName + properties: + sourceName: + type: string + description: A reference to the source to search for the account + example: Workday + attributeName: + type: string + description: 'The name of the attribute on the account to return. This should match the name of the account attribute name visible in the user interface, or on the source schema.' + example: DEPARTMENT + accountSortAttribute: + type: string + description: The value of this configuration is a string name of the attribute to use when determining the ordering of returned accounts when there are multiple entries + example: created + accountSortDescending: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls the order of the sort when there are multiple accounts. If not defined, the transform will default to false (ascending order)' + example: false + accountReturnFirstLink: + type: boolean + description: 'The value of this configuration is a boolean (true/false). Controls which account to source a value from for an attribute. If this flag is set to true, the transform returns the value from the first account in the list, even if it is null. If it is set to false, the transform returns the first non-null value. If not defined, the transform will default to false' + example: false + accountFilter: + type: string + description: |- + This expression queries the database to narrow search results. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the database. The default filter will always include the source and identity, and any subsequent expressions will be combined in an AND operation to the existing search criteria. + Only certain searchable attributes are available: - `nativeIdentity` - the Account ID - `displayName` - the Account Name - `entitlements` - a boolean value to determine if the account has entitlements + example: '!(nativeIdentity.startsWith("*DELETED*"))' + accountPropertyFilter: + type: string + description: |- + This expression is used to search and filter accounts in memory. The value of this configuration is a sailpoint.object.Filter expression and used when searching against the returned resultset. + + All account attributes are available for filtering as this operation is performed in memory. + example: '(groups.containsAll({''Admin''}) || location == ''Austin'')' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + operator: + type: string + description: | + This is the comparison to perform. + | Operation | Description | + | --------- | ------- | + | LT | Strictly less than: firstDate < secondDate | + | LTE | Less than or equal to: firstDate <= secondDate | + | GT | Strictly greater than: firstDate > secondDate | + | GTE | Greater than or equal to: firstDate >= secondDate | + enum: + - LT + - LTE + - GT + - GTE + example: LT + positiveCondition: + type: string + description: The output of the transform if the expression evalutes to true + example: 'true' + negativeCondition: + type: string + description: The output of the transform if the expression evalutes to false + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateFormat + type: object + properties: + inputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data is coming in as. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + outputFormat: + description: |- + A string value indicating either the explicit SimpleDateFormat or the built-in named format that the data should be formatted into. + + *If no inputFormat is provided, the transform assumes that it is in ISO8601 format* + oneOf: + - title: Named Construct + type: string + description: | + | Construct | Date Time Pattern | Description | + | --------- | ----------------- | ----------- | + | ISO8601 | `yyyy-MM-dd'T'HH:mm:ss.SSSX` | The ISO8601 standard. | + | LDAP | `yyyyMMddHHmmss.Z` | The LDAP standard. | + | PEOPLE_SOFT | `MM/dd/yyyy` | The date format People Soft uses. | + | EPOCH_TIME_JAVA | # ms from midnight, January 1st, 1970 | The incoming date value as elapsed time in milliseconds from midnight, January 1st, 1970. | + | EPOCH_TIME_WIN32| # intervals of 100ns from midnight, January 1st, 1601 | The incoming date value as elapsed time in 100-nanosecond intervals from midnight, January 1st, 1601. | + enum: + - ISO8601 + - LDAP + - PEOPLE_SOFT + - EPOCH_TIME_JAVA + - EPOCH_TIME_WIN32 + example: PEOPLE_SOFT + - title: Java Simple Date Format + type: string + description: | + There are a variety of date time patterns you can express using SimpleDateFormat. The following table lists examples of different date time patterns expressed in the SimpleDateFormat and how they display. Refer to the SimpleDateFormat syntax page for more information. + + >NOTE: The following examples show how date and time patterns are interpreted in the U.S. locale. The given date and time are 2001-07-04 12:08:56 local time in the U.S. Pacific Time time zone. + (This table is from the SimpleDateFormat page.) + + | Date Time Pattern | Result | + | ----------------- | ------ | + | `yyyy.MM.dd G 'at' HH:mm:ss z` | `2001.07.04 AD at 12:08:56 PDT` | + | `EEE, MMM d, ''yy` | Wed, Jul 4, '01 | + | `h:mm a` | 12:08 PM | + | `hh 'o''clock' a, zzzz` | 12 o'clock PM, Pacific Daylight Time | + | `K:mm a, z` | 0:08 PM, PDT | + | `yyyyy.MMMMM.dd GGG hh:mm aaa` | 02001.July.04 AD 12:08 PM | + | `EEE, d MMM yyyy HH:mm:ss Z` | Wed, 4 Jul 2001 12:08:56 -0700 | + | `yyMMddHHmmssZ` | 010704120856-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSZ` | 2001-07-04T12:08:56.235-0700 | + | `yyyy-MM-dd'T'HH:mm:ss.SSSXXX` | 2001-07-04T12:08:56.235-07:00 | + | `YYYY-'W'ww-u` | 2001-W27-3 | + example: mm/dd/yyyy + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: dateMath + type: object + required: + - expression + properties: + expression: + type: string + description: | + A string value of the date and time components to operation on, along with the math operations to execute. + externalDocs: + description: Date Math Expressions + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/date-math#transform-structure' + example: now+1w + roundUp: + type: boolean + description: | + A boolean value to indicate whether the transform should round up or down when a rounding `/` operation is defined in the expression. + + + If not provided, the transform will default to `false` + + + `true` indicates the transform should round up (i.e., truncate the fractional date/time component indicated and then add one unit of that component) + + + `false` indicates the transform should round down (i.e., truncate the fractional date/time component indicated) + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: decomposeDiacriticalMarks + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: e164phone + type: object + properties: + defaultRegion: + type: string + description: | + This is an optional attribute that can be used to define the region of the phone number to format into. + + + If defaultRegion is not provided, it will take US as the default country. + + + The format of the country code should be in [ISO 3166-1 alpha-2 format](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2) + example: US + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: firstValid + type: object + required: + - values + properties: + values: + type: array + items: + type: object + description: An array of attributes to evaluate for existence. + example: + - attributes: + sourceName: Active Directory + attributeName: sAMAccountName + type: accountAttribute + - attributes: + sourceName: Okta + attributeName: login + type: accountAttribute + - attributes: + sourceName: HR Source + attributeName: employeeID + type: accountAttribute + ignoreErrors: + type: boolean + description: a true or false value representing to move on to the next option if an error (like an Null Pointer Exception) were to occur. + example: false + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: rule + oneOf: + - type: object + required: + - name + properties: + name: + type: string + description: This is the name of the Generic rule that needs to be invoked by the transform + example: Generic Calculation Rule + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - includeNumbers + - includeSpecialChars + - length + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `generateRandomString` + example: generateRandomString + includeNumbers: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include numbers + example: true + includeSpecialChars: + type: boolean + description: This must be either "true" or "false" to indicate whether the generator logic should include special characters + example: true + length: + type: string + description: | + This specifies how long the randomly generated string needs to be + + + >NOTE Due to identity attribute data constraints, the maximum allowable value is 450 characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - type: object + required: + - name + - operation + - uid + properties: + name: + type: string + description: This must always be set to "Cloud Services Deployment Utility" + example: Cloud Services Deployment Utility + operation: + type: string + description: The operation to perform `getReferenceIdentityAttribute` + example: getReferenceIdentityAttribute + uid: + type: string + description: | + This is the SailPoint User Name (uid) value of the identity whose attribute is desired + + As a convenience feature, you can use the `manager` keyword to dynamically look up the user's manager and then get that manager's identity attribute. + example: 2c91808570313110017040b06f344ec9 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + - title: identityAttribute + type: object + required: + - name + properties: + name: + type: string + description: The system (camel-cased) name of the identity attribute to bring in + example: email + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: indexOf + type: object + required: + - substring + properties: + substring: + type: string + description: 'A substring to search for, searches the entire calling string, and returns the index of the first occurrence of the specified substring.' + example: admin_ + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: iso3166 + type: object + properties: + format: + type: string + description: | + An optional value to denote which ISO 3166 format to return. Valid values are: + + + `alpha2` - Two-character country code (e.g., "US"); this is the default value if no format is supplied + + + `alpha3` - Three-character country code (e.g., "USA") + + + `numeric` - The numeric country code (e.g., "840") + example: alpha2 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: leftPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lookup + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: | + This is a JSON object of key-value pairs. The key is the string that will attempt to be matched to the input, and the value is the output string that should be returned if the key is matched + + + >**Note** the use of the optional default key value here; if none of the three countries in the above example match the input string, the transform will return "Unknown Region" for the attribute that is mapped to this transform. + example: + USA: Americas + FRA: EMEA + AUS: APAC + default: Unknown Region + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: lower + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: nameNormalizer + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomAlphaNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: randomNumeric + type: object + properties: + length: + type: string + description: | + This is an integer value specifying the size/number of characters the random string must contain + + + * This value must be a positive number and cannot be blank + + + * If no length is provided, the transform will default to a value of `32` + + + * Due to identity attribute data constraints, the maximum allowable value is `450` characters + example: '10' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: reference + type: object + required: + - id + properties: + id: + type: string + description: This ID specifies the name of the pre-existing transform which you want to use within your current transform + example: Existing Transform + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replaceAll + type: object + required: + - table + properties: + table: + type: object + additionalProperties: true + description: 'An attribute of key-value pairs. Each pair identifies the pattern to search for as its key, and the replacement string as its value.' + example: + '-': ' ' + '"': '''' + ñ: 'n' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: replace + type: object + required: + - regex + - replacement + properties: + regex: + type: string + description: This can be a string or a regex pattern in which you want to replace. + example: '[^a-zA-Z]' + externalDocs: + description: Regex Builder + url: 'https://regex101.com/' + replacement: + type: string + description: This is the replacement string that should be substituded wherever the string or pattern is found. + example: ' ' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: rightPad + type: object + required: + - length + properties: + length: + type: string + description: An integer value for the desired length of the final output string + example: '4' + padding: + type: string + description: | + A string value representing the character that the incoming data should be padded with to get to the desired length + + + If not provided, the transform will default to a single space (" ") character for padding + example: '0' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: split + type: object + required: + - delimiter + - index + properties: + delimiter: + type: string + description: 'This can be either a single character or a regex expression, and is used by the transform to identify the break point between two substrings in the incoming data' + example: ',' + index: + type: string + description: 'An integer value for the desired array element after the incoming data has been split into a list; the array is a 0-based object, so the first array element would be index 0, the second element would be index 1, etc.' + example: '5' + throws: + type: boolean + description: | + A boolean (true/false) value which indicates whether an exception should be thrown and returned as an output when an index is out of bounds with the resultant array (i.e., the provided index value is larger than the size of the array) + + + `true` - The transform should return "IndexOutOfBoundsException" + + + `false` - The transform should return null + + + If not provided, the transform will default to false and return a null + example: true + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: static + type: object + required: + - values + properties: + values: + type: string + description: 'This must evaluate to a JSON string, either through a fixed value or through conditional logic using the Apache Velocity Template Language.' + example: string$variable + externalDocs: + description: Static Transform Documentation + url: 'https://developer.sailpoint.com/idn/docs/transforms/operations/static' + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + - title: substring + type: object + required: + - begin + properties: + begin: + type: integer + description: | + The index of the first character to include in the returned substring. + + + If `begin` is set to -1, the transform will begin at character 0 of the input data + example: 1 + format: int32 + beginOffset: + type: integer + description: | + This integer value is the number of characters to add to the begin attribute when returning a substring. + + This attribute is only used if begin is not -1. + example: 3 + format: int32 + end: + type: integer + description: | + The index of the first character to exclude from the returned substring. + + If end is -1 or not provided at all, the substring transform will return everything up to the end of the input string. + example: 6 + format: int32 + endOffset: + type: integer + description: | + This integer value is the number of characters to add to the end attribute when returning a substring. + + This attribute is only used if end is provided and is not -1. + example: 1 + format: int32 + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: trim + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: upper + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + input: + type: object + description: 'This is an optional attribute that can explicitly define the input data which will be fed into the transform logic. If input is not provided, the transform will take its input from the source and attribute combination configured via the UI.' + additionalProperties: true + example: + type: accountAttribute + attributes: + attributeName: first_name + sourceName: Source + - title: uuid + type: object + properties: + requiresPeriodicRefresh: + type: boolean + description: A value that indicates whether the transform logic should be re-evaluated every evening as part of the identity refresh process + example: false + default: false + internal: + type: boolean + readOnly: true + description: Indicates whether this is an internal SailPoint-created transform or a customer-created transform + example: false + WorkItems: + type: object + properties: + id: + type: string + description: ID of the work item + example: 2c9180835d2e5168015d32f890ca1581 + requesterId: + type: string + description: ID of the requester + example: 2c9180835d2e5168015d32f890ca1581 + requesterDisplayName: + type: string + description: The displayname of the requester + example: John Smith + ownerId: + type: string + description: The ID of the owner + example: 2c9180835d2e5168015d32f890ca1581 + ownerName: + type: string + description: The name of the owner + example: Jason Smith + created: + type: string + format: date-time + example: '2017-07-11T18:45:37.098Z' + description: Time when the work item was created + modified: + type: string + format: date-time + example: '2018-06-25T20:22:28.104Z' + description: Time when the work item was last updated + description: + type: string + description: The description of the work item + example: Create account on source 'AD' + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + type: + type: string + enum: + - UNKNOWN + - GENERIC + - CERTIFICATION + - REMEDIATION + - DELEGATION + - APPROVAL + - VIOLATIONREVIEW + - FORM + - POLICYVIOLATION + - CHALLENGE + - IMPACTANALYSIS + - SIGNOFF + - EVENT + - MANUALACTION + - TEST + example: GENERIC + description: The type of the work item + remediationItems: + type: object + properties: + id: + type: string + description: The ID of the certification + example: 2c9180835d2e5168015d32f890ca1581 + targetId: + type: string + description: The ID of the certification target + example: 2c9180835d2e5168015d32f890ca1581 + targetName: + type: string + description: The name of the certification target + example: john.smith + targetDisplayName: + type: string + description: The display name of the certification target + example: emailAddress + applicationName: + type: string + description: The name of the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute being certified + example: phoneNumber + attributeOperation: + type: string + description: The operation of the certification on the attribute + example: update + attributeValue: + type: string + description: The value of the attribute being certified + example: 512-555-1212 + nativeIdentity: + type: string + description: The native identity of the target + example: jason.smith2 + approvalItems: + type: object + properties: + id: + type: string + description: ID of the approval item + example: 2c9180835d2e5168015d32f890ca1581 + account: + type: string + description: The account referenced by the approval item + example: john.smith + application: + type: string + description: The name the application/source + example: Active Directory + attributeName: + type: string + description: The name of the attribute + example: emailAddress + attributeOperation: + type: string + description: The operation of the attribute + example: update + attributeValue: + type: string + description: The value of the attribute + example: a@b.com + state: + type: string + enum: + - FINISHED + - REJECTED + - RETURNED + - EXPIRED + - PENDING + - CANCELED + example: FINISHED + description: The state of a work item + name: + type: string + description: The work item name + example: Account Create + completed: + type: string + format: date-time + example: '2018-10-19T13:49:37.385Z' + description: The time at which the work item completed + numItems: + type: integer + format: int32 + description: The number of items in the work item + example: 19 + form: + type: object + properties: + id: + type: string + description: ID of the form + example: 2c9180835d2e5168015d32f890ca1581 + name: + type: string + description: Name of the form + example: AccountSelection Form + title: + type: string + description: The form title + example: Account Selection for John.Doe + subtitle: + type: string + description: The form subtitle. + example: Please select from the following + targetUser: + type: string + description: The name of the user that should be shown this form + example: Jane.Doe + sections: + type: object + allOf: + - type: object + properties: + name: + type: string + description: Name of the FormItem + example: Field1 + - type: object + properties: + label: + type: string + description: Label of the section + example: Section 1 + formItems: + type: array + items: + type: object + description: List of FormItems. FormItems can be SectionDetails and/or FieldDetails + example: [] + errors: + type: array + items: + type: string + example: + - The work item ID that was specified was not found. + description: An array of errors that ocurred during the work item + WorkItemsCount: + type: object + properties: + count: + type: integer + description: The count of work items + example: 29 + WorkItemsSummary: + type: object + properties: + open: + type: integer + description: The count of open work items + example: 29 + completed: + type: integer + description: The count of completed work items + example: 1 + total: + type: integer + description: The count of total work items + example: 30