LukeParke/developer.sailpoint.com
1
0
Fork 0
mirror of https://github.com/LukeHagar/developer.sailpoint.com.git synced 2025-12-06 04:19:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Deploy to GitHub pages

Browse Source
This commit is contained in:
github-actions[bot]
2023-07-24 14:20:28 +00:00
committed by GitHub
commit 44504ff0ab
4377 changed files with 506021 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
.nojekyll Normal file
View File

20
404.html Normal file
View File

File diff suppressed because one or more lines are too long

1
CNAME Normal file
View File

@@ -0,0 +1 @@
developer.sailpoint.com

20
ambassador-program/index.html Normal file
View File

File diff suppressed because one or more lines are too long

BIN
ambassador/Ambassador-Program-Banner.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 MiB

BIN
ambassador/AmbassadorBadge-Pink-Hex.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 100 KiB

BIN
ambassador/AmbassadorBadge-QuadGrad-Squircle.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 136 KiB

BIN
ambassador/ambassador_banner_template.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 8.4 KiB

48
api-specs/arm/get_tags.js Normal file
View File

@@ -0,0 +1,48 @@
// look for and remove all \r\n instances
// also look for and remove all ':' instances\
// also find any missing "summary" tags on apis -- public whatif, arm2 supports dashboard
// look for any missing properties: "properties": {}
// look for any missing schema objects: "in": "query", swagger-provisioning/export,
const fs = require('fs');
const currentTags = []
const iterate = (obj) => {
for (var key of Object.keys(obj)) {
if (key === 'tags') {
if(currentTags.includes(obj[key][0]) === false && typeof obj[key][0] === 'string') {
currentTags.push(obj[key][0])
console.log(`key: ${key}, value: ${obj[key]}`)
}
}
if (typeof obj[key] === 'object' && obj[key] !== null) {
iterate(obj[key])
}
}
}
let rawdata = fs.readFileSync('static/arm-api/swagger-utilization-tracking.json');
let student = JSON.parse(rawdata);
iterate(student)
let tags = {"tags": []}
for (let tag of currentTags) {
tags["tags"].push({"name": tag})
}
console.log(JSON.stringify(tags))
// "tags": [
// {
// "name": "Agent"
// },
// {
// "name": "AgentInstruction"
// }
// ],

639
api-specs/arm/swagger-agent-management.json Normal file
View File

@@ -0,0 +1,639 @@
{
"openapi": "3.0.0",
"info": {
"version": "v1",
"title": "Access Risk Management Agent Management Service"
},
"tags": [
{
"name": "Agent"
},
{
"name": "AgentInstruction"
}
],
"paths": {
"/api/agent": {
"post": {
"tags": [
"Agent"
],
"summary": "Registers new agent using following agent data.",
"operationId": "RegisterAgent",
"requestBody": {
"$ref": "#/components/requestBodies/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
},
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"format": "uuid",
"type": "string"
}
},
"application/json": {
"schema": {
"format": "uuid",
"type": "string"
}
},
"text/json": {
"schema": {
"format": "uuid",
"type": "string"
}
}
}
},
"500": {
"description": "Server Error"
}
}
},
"patch": {
"tags": [
"Agent"
],
"summary": "Updates existing agent using following agent data.",
"operationId": "UpdateAgent",
"requestBody": {
"$ref": "#/components/requestBodies/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
},
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"format": "uuid",
"type": "string"
}
},
"application/json": {
"schema": {
"format": "uuid",
"type": "string"
}
},
"text/json": {
"schema": {
"format": "uuid",
"type": "string"
}
}
}
},
"404": {
"description": "Not Found",
"content": {
"text/plain": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
}
}
},
"500": {
"description": "Server Error"
}
}
}
},
"/api/agent/instruction": {
"post": {
"tags": [
"Agent"
],
"summary": "Gets instruction for specified agent. Also it updates appropriate agent metadata in the database.",
"operationId": "CheckForInstruction",
"requestBody": {
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
}
}
},
"description": "Agent metadata."
},
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.Common.Models.AgentInstructionDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.Common.Models.AgentInstructionDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.Common.Models.AgentInstructionDto"
}
}
}
},
"404": {
"description": "Not Found",
"content": {
"text/plain": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
}
}
},
"500": {
"description": "Server Error"
}
}
}
},
"/api/agent/emergencymessage": {
"post": {
"tags": [
"Agent"
],
"summary": "Sends the emergency email to fix team with detailed information.",
"operationId": "SendEmergencyMessage",
"requestBody": {
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.EmergencyMessageModel"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.EmergencyMessageModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.EmergencyMessageModel"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.EmergencyMessageModel"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.Common.Models.AgentInstructionDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.Common.Models.AgentInstructionDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.Common.Models.AgentInstructionDto"
}
}
}
},
"500": {
"description": "Server Error"
}
}
}
},
"/api/instruction/restart/{agentId}": {
"post": {
"tags": [
"AgentInstruction"
],
"summary": "Creates instruction to restart specified agent.",
"operationId": "RestartAgent",
"parameters": [
{
"name": "agentId",
"in": "path",
"description": "Identifier of the agent.",
"required": true,
"schema": {
"type": "string",
"format": "uuid"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"format": "uuid",
"type": "string"
}
},
"application/json": {
"schema": {
"format": "uuid",
"type": "string"
}
},
"text/json": {
"schema": {
"format": "uuid",
"type": "string"
}
}
}
},
"404": {
"description": "Not Found",
"content": {
"text/plain": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
}
}
},
"500": {
"description": "Server Error"
}
}
}
},
"/api/instruction/reversion/{agentId}/{version}": {
"post": {
"tags": [
"AgentInstruction"
],
"summary": "Creates instruction to reversion specified agent.",
"operationId": "ReversionAgent",
"parameters": [
{
"name": "agentId",
"in": "path",
"description": "Identifier of the agent.",
"required": true,
"schema": {
"type": "string",
"format": "uuid"
}
},
{
"name": "version",
"in": "path",
"description": "Version to use.",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"format": "uuid",
"type": "string"
}
},
"application/json": {
"schema": {
"format": "uuid",
"type": "string"
}
},
"text/json": {
"schema": {
"format": "uuid",
"type": "string"
}
}
}
},
"404": {
"description": "Not Found",
"content": {
"text/plain": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
}
}
},
"500": {
"description": "Server Error"
}
}
}
},
"/api/instruction/resetReversion/{agentId}": {
"post": {
"tags": [
"AgentInstruction"
],
"summary": "Creates instruction to reset reversion of specified agent.",
"operationId": "ResetReversion",
"parameters": [
{
"name": "agentId",
"in": "path",
"description": "Identifier of the agent.",
"required": true,
"schema": {
"type": "string",
"format": "uuid"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"format": "uuid",
"type": "string"
}
},
"application/json": {
"schema": {
"format": "uuid",
"type": "string"
}
},
"text/json": {
"schema": {
"format": "uuid",
"type": "string"
}
}
}
},
"404": {
"description": "Not Found",
"content": {
"text/plain": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/Microsoft.AspNetCore.Mvc.ProblemDetails"
}
}
}
},
"500": {
"description": "Server Error"
}
}
}
}
},
"components": {
"requestBodies": {
"ErpMaestro.AgentManagementService.WebApi.Models.AgentModel": {
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
}
}
},
"description": "Agent data."
}
},
"schemas": {
"ErpMaestro.AgentManagementService.WebApi.Models.AgentModel": {
"required": [
"hostName",
"platform",
"agentVersion",
"wrapperVersion"
],
"type": "object",
"properties": {
"id": {
"format": "uuid",
"description": "Identifier of the agent entity.",
"type": "string"
},
"customerId": {
"format": "uuid",
"description": "Identifier of the customer.",
"type": "string"
},
"hostName": {
"description": "Name of the machine where agent is installed.",
"type": "string"
},
"platform": {
"description": "Platform information, like win7-x64 or so.",
"type": "string"
},
"agentVersion": {
"description": "Version of the agent.",
"type": "string"
},
"wrapperVersion": {
"description": "Version of the wrapper.",
"type": "string"
}
}
},
"Microsoft.AspNetCore.Mvc.ProblemDetails": {
"type": "object",
"properties": {
"type": {
"type": "string"
},
"title": {
"type": "string"
},
"status": {
"format": "int32",
"type": "integer"
},
"detail": {
"type": "string"
},
"instance": {
"type": "string"
}
},
"additionalProperties": {
"type": "object"
}
},
"ErpMaestro.AgentManagementService.Common.Models.AgentInstructionDto": {
"type": "object",
"properties": {
"id": {
"format": "uuid",
"description": "Identifier of the instruction.",
"type": "string"
},
"agentId": {
"format": "uuid",
"description": "Identifier of related agent.",
"type": "string"
},
"instruction": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.Common.Constants.Instructions"
},
"payload": {
"description": "Instruction payload.",
"type": "string"
},
"processedDate": {
"format": "date-time",
"description": "Date when instruction was processed by the agent.",
"type": "string"
}
}
},
"ErpMaestro.AgentManagementService.Common.Constants.Instructions": {
"enum": [
"noAction",
"restart",
"reversion",
"resetReversion"
],
"type": "string"
},
"ErpMaestro.AgentManagementService.WebApi.Models.EmergencyMessageModel": {
"description": "Model used in sending emergency message from the agent.",
"required": [
"message"
],
"type": "object",
"properties": {
"agent": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.AgentModel"
},
"message": {
"description": "Contains description and additional information which would be useful to solve the problem.",
"type": "string"
},
"heartbeats": {
"description": "List of heartbeats from the agent",
"uniqueItems": false,
"type": "array",
"items": {
"$ref": "#/components/schemas/ErpMaestro.AgentManagementService.WebApi.Models.HeartbeatModel"
}
}
}
},
"ErpMaestro.AgentManagementService.WebApi.Models.HeartbeatModel": {
"description": "Represents latest heartbeat of agent's component",
"required": [
"componentName",
"timestampUtc"
],
"type": "object",
"properties": {
"componentName": {
"description": "Component name",
"type": "string"
},
"timestampUtc": {
"format": "date-time",
"description": "Latest I'm alive timestamp of that component",
"type": "string"
}
}
}
}
}
}

8891
api-specs/arm/swagger-analysis.json Normal file
View File

File diff suppressed because it is too large Load Diff

38866
api-specs/arm/swagger-arm.json Normal file
View File

File diff suppressed because it is too large Load Diff

948
api-specs/arm/swagger-arm2.json Normal file
View File

@@ -0,0 +1,948 @@
{
"openapi": "3.0.1",
"info": {
"title": "Access Risk Management ARM Web APIs",
"version": "v1"
},
"tags":[{"name":"CustomerSot"},{"name":"SupportDashboard"},{"name":"UserSync"}],
"paths": {
"/api/customer-sot": {
"get": {
"tags": [
"CustomerSot"
],
"summary": "Get Customers with Source of Truth based on OData functionality.",
"responses": {
"200": {
"description": "Success",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json;odata.metadata=minimal": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json;odata.metadata=full": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json;odata.metadata=none": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json;odata.streaming=true": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json;odata.streaming=false": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/xml": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"application/prs.odatatestxx-odata": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"text/plain": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
},
"text/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/CustomerAccountSotDto"
}
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=minimal": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=full": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=none": {
"schema": {}
},
"application/json;odata.streaming=true": {
"schema": {}
},
"application/json;odata.streaming=false": {
"schema": {}
},
"application/json": {
"schema": {}
},
"application/xml": {
"schema": {}
},
"application/prs.odatatestxx-odata": {
"schema": {}
},
"text/plain": {
"schema": {}
},
"text/json": {
"schema": {}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=minimal": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=full": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=none": {
"schema": {}
},
"application/json;odata.streaming=true": {
"schema": {}
},
"application/json;odata.streaming=false": {
"schema": {}
},
"application/json": {
"schema": {}
},
"application/xml": {
"schema": {}
},
"application/prs.odatatestxx-odata": {
"schema": {}
},
"text/plain": {
"schema": {}
},
"text/json": {
"schema": {}
}
}
}
}
},
"put": {
"tags": [
"CustomerSot"
],
"summary": "Update the SourceOfTruths of CustomerSots.",
"requestBody": {
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json;odata.metadata=minimal": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json;odata.metadata=full": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json;odata.metadata=none": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json;odata.streaming=true": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json;odata.streaming=false": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/xml": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/prs.odatatestxx-odata": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/ListOfCustomerSotSimpleDto"
}
}
}
},
"responses": {
"200": {
"description": "Success"
},
"401": {
"description": "Unauthorized",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=minimal": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=full": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=none": {
"schema": {}
},
"application/json;odata.streaming=true": {
"schema": {}
},
"application/json;odata.streaming=false": {
"schema": {}
},
"application/json": {
"schema": {}
},
"application/xml": {
"schema": {}
},
"application/prs.odatatestxx-odata": {
"schema": {}
},
"text/plain": {
"schema": {}
},
"text/json": {
"schema": {}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=minimal": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=full": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=none": {
"schema": {}
},
"application/json;odata.streaming=true": {
"schema": {}
},
"application/json;odata.streaming=false": {
"schema": {}
},
"application/json": {
"schema": {}
},
"application/xml": {
"schema": {}
},
"application/prs.odatatestxx-odata": {
"schema": {}
},
"text/plain": {
"schema": {}
},
"text/json": {
"schema": {}
}
}
}
}
}
},
"/api/support-dashboard": {
"get": {
"tags": [
"SupportDashboard"
],
"summary": "supports dashboard",
"responses": {
"200": {
"description": "Success",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=minimal": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=full": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=none": {
"schema": {
"type": "string"
}
},
"application/json;odata.streaming=true": {
"schema": {
"type": "string"
}
},
"application/json;odata.streaming=false": {
"schema": {
"type": "string"
}
},
"application/json": {
"schema": {
"type": "string"
}
},
"application/xml": {
"schema": {
"type": "string"
}
},
"application/prs.odatatestxx-odata": {
"schema": {
"type": "string"
}
},
"text/plain": {
"schema": {
"type": "string"
}
},
"text/json": {
"schema": {
"type": "string"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=minimal": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=full": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=none": {
"schema": {}
},
"application/json;odata.streaming=true": {
"schema": {}
},
"application/json;odata.streaming=false": {
"schema": {}
},
"application/json": {
"schema": {}
},
"application/xml": {
"schema": {}
},
"application/prs.odatatestxx-odata": {
"schema": {}
},
"text/plain": {
"schema": {}
},
"text/json": {
"schema": {}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=minimal": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=full": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=none": {
"schema": {}
},
"application/json;odata.streaming=true": {
"schema": {}
},
"application/json;odata.streaming=false": {
"schema": {}
},
"application/json": {
"schema": {}
},
"application/xml": {
"schema": {}
},
"application/prs.odatatestxx-odata": {
"schema": {}
},
"text/plain": {
"schema": {}
},
"text/json": {
"schema": {}
}
}
}
}
}
},
"/api/usersync": {
"post": {
"tags": [
"UserSync"
],
"summary": "Kick off User Sync Process by queuing a message.",
"responses": {
"200": {
"description": "Success",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=minimal": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=full": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {
"type": "string"
}
},
"application/json;odata.metadata=none": {
"schema": {
"type": "string"
}
},
"application/json;odata.streaming=true": {
"schema": {
"type": "string"
}
},
"application/json;odata.streaming=false": {
"schema": {
"type": "string"
}
},
"application/json": {
"schema": {
"type": "string"
}
},
"application/xml": {
"schema": {
"type": "string"
}
},
"application/prs.odatatestxx-odata": {
"schema": {
"type": "string"
}
},
"text/plain": {
"schema": {
"type": "string"
}
},
"text/json": {
"schema": {
"type": "string"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=minimal": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=full": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=none": {
"schema": {}
},
"application/json;odata.streaming=true": {
"schema": {}
},
"application/json;odata.streaming=false": {
"schema": {}
},
"application/json": {
"schema": {}
},
"application/xml": {
"schema": {}
},
"application/prs.odatatestxx-odata": {
"schema": {}
},
"text/plain": {
"schema": {}
},
"text/json": {
"schema": {}
}
}
},
"403": {
"description": "Forbidden",
"content": {
"application/json;odata.metadata=minimal;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=minimal;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=minimal": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=full;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=full": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=true": {
"schema": {}
},
"application/json;odata.metadata=none;odata.streaming=false": {
"schema": {}
},
"application/json;odata.metadata=none": {
"schema": {}
},
"application/json;odata.streaming=true": {
"schema": {}
},
"application/json;odata.streaming=false": {
"schema": {}
},
"application/json": {
"schema": {}
},
"application/xml": {
"schema": {}
},
"application/prs.odatatestxx-odata": {
"schema": {}
},
"text/plain": {
"schema": {}
},
"text/json": {
"schema": {}
}
}
}
}
}
}
},
"components": {
"schemas": {
"AuthenticationMethods": {
"enum": [
0,
1,
2,
3,
4
],
"type": "integer",
"format": "int32"
},
"CustomerAccountSotDto": {
"type": "object",
"properties": {
"customerId": {
"type": "string",
"format": "uuid",
"nullable": true
},
"accountId": {
"type": "integer",
"format": "int32",
"nullable": true
},
"customerName": {
"type": "string",
"nullable": true
},
"accountName": {
"type": "string",
"nullable": true
},
"authenticationMethod": {
"$ref": "#/components/schemas/AuthenticationMethods"
},
"sourceOfTruth": {
"type": "integer",
"format": "int32"
}
},
"additionalProperties": false
},
"SourceOfTruth": {
"enum": [
0,
1
],
"type": "integer",
"format": "int32"
},
"SimpleSotDto": {
"type": "object",
"properties": {
"customerId": {
"type": "string",
"format": "uuid",
"nullable": true
},
"accountId": {
"type": "integer",
"format": "int32",
"nullable": true
},
"sourceOfTruth": {
"$ref": "#/components/schemas/SourceOfTruth"
}
},
"additionalProperties": false
},
"ListOfCustomerSotSimpleDto": {
"type": "object",
"properties": {
"simpleSotDtos": {
"type": "array",
"items": {
"$ref": "#/components/schemas/SimpleSotDto"
},
"nullable": true
}
},
"additionalProperties": false
}
}
}
}

7908
api-specs/arm/swagger-authentication.json Normal file
View File

File diff suppressed because it is too large Load Diff

1539
api-specs/arm/swagger-cloud-agent.json Normal file
View File

File diff suppressed because it is too large Load Diff

27241
api-specs/arm/swagger-jobs.json Normal file
View File

File diff suppressed because it is too large Load Diff

4199
api-specs/arm/swagger-logging.json Normal file
View File

File diff suppressed because it is too large Load Diff

3832
api-specs/arm/swagger-provisioning.json Normal file
View File

File diff suppressed because it is too large Load Diff

2829
api-specs/arm/swagger-public.json Normal file
View File

File diff suppressed because it is too large Load Diff

12104
api-specs/arm/swagger-rulebook.json Normal file
View File

File diff suppressed because it is too large Load Diff

3049
api-specs/arm/swagger-scheduling.json Normal file
View File

File diff suppressed because it is too large Load Diff

665
api-specs/arm/swagger-utilization-tracking.json Normal file
View File

@@ -0,0 +1,665 @@
{
"openapi": "3.0.1",
"info": {
"title": "Access Risk Management Utilization Tracking",
"version": "v1"
},
"tags":[{"name":"ChangeDocument"},{"name":"EamUtilization"}],
"paths": {
"/api/utilization/changedocument": {
"post": {
"tags": [
"ChangeDocument"
],
"summary": "Responsible for creating a new Change Document record, based on the supplied model.",
"requestBody": {
"description": "Represents the Change Document model that will be created.",
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"type": "integer",
"format": "int64"
}
},
"application/json": {
"schema": {
"type": "integer",
"format": "int64"
}
},
"text/json": {
"schema": {
"type": "integer",
"format": "int64"
}
}
}
},
"400": {
"description": "Bad Request",
"content": {
"text/plain": {
"schema": {
"type": "string"
}
},
"application/json": {
"schema": {
"type": "string"
}
},
"text/json": {
"schema": {
"type": "string"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"text/plain": {
"schema": {
"type": "object",
"additionalProperties": false
}
},
"application/json": {
"schema": {
"type": "object",
"additionalProperties": false
}
},
"text/json": {
"schema": {
"type": "object",
"additionalProperties": false
}
}
}
}
}
},
"patch": {
"tags": [
"ChangeDocument"
],
"summary": "Responsible for updating an existing Change Document record, based on the supplied model.",
"requestBody": {
"description": "Represents the Change Document model that will be updated.",
"content": {
"application/json-patch+json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
},
"application/*+json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
}
}
},
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
}
}
},
"400": {
"description": "Bad Request",
"content": {
"text/plain": {
"schema": {
"type": "string"
}
},
"application/json": {
"schema": {
"type": "string"
}
},
"text/json": {
"schema": {
"type": "string"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"text/plain": {
"schema": {
"type": "object",
"additionalProperties": false
}
},
"application/json": {
"schema": {
"type": "object",
"additionalProperties": false
}
},
"text/json": {
"schema": {
"type": "object",
"additionalProperties": false
}
}
}
}
}
}
},
"/api/utilization/changedocument/{changeDocumentId}": {
"get": {
"tags": [
"ChangeDocument"
],
"summary": "Returns a Change Document record, based on the supplied change document identifier.",
"parameters": [
{
"name": "changeDocumentId",
"in": "path",
"description": "Represents the Change Document identifier.",
"required": true,
"schema": {
"type": "integer",
"description": "Represents the Change Document identifier.",
"format": "int64"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
},
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
},
"text/json": {
"schema": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
}
}
},
"400": {
"description": "Bad Request",
"content": {
"text/plain": {
"schema": {
"type": "string"
}
},
"application/json": {
"schema": {
"type": "string"
}
},
"text/json": {
"schema": {
"type": "string"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"text/plain": {
"schema": {
"type": "object",
"additionalProperties": false
}
},
"application/json": {
"schema": {
"type": "object",
"additionalProperties": false
}
},
"text/json": {
"schema": {
"type": "object",
"additionalProperties": false
}
}
}
}
}
}
},
"/api/utilization/changedocument/eamid/{emergencyAccessRequestId}": {
"get": {
"tags": [
"ChangeDocument"
],
"summary": "Returns a collection of Change Document records, based on the supplied emergency access request identifier.",
"parameters": [
{
"name": "emergencyAccessRequestId",
"in": "path",
"description": "Represents the Emergency Access Request identifier.",
"required": true,
"schema": {
"type": "string",
"description": "Represents the Emergency Access Request identifier.",
"format": "uuid"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
}
},
"application/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
}
},
"text/json": {
"schema": {
"type": "array",
"items": {
"$ref": "#/components/schemas/ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel"
}
}
}
}
},
"400": {
"description": "Bad Request",
"content": {
"text/plain": {
"schema": {
"type": "string"
}
},
"application/json": {
"schema": {
"type": "string"
}
},
"text/json": {
"schema": {
"type": "string"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"text/plain": {
"schema": {
"type": "object",
"additionalProperties": false
}
},
"application/json": {
"schema": {
"type": "object",
"additionalProperties": false
}
},
"text/json": {
"schema": {
"type": "object",
"additionalProperties": false
}
}
}
}
}
}
},
"/api/utilization/changedocument/hasData/{emergencyAccessRequestId}": {
"get": {
"tags": [
"ChangeDocument"
],
"summary": "Determines if there are any Change Document record(s) for the given emergencyAccessRequestId.",
"parameters": [
{
"name": "emergencyAccessRequestId",
"in": "path",
"description": "Represents the unique identifier of the Emergency Access Request.",
"required": true,
"schema": {
"type": "string",
"description": "Represents the unique identifier of the Emergency Access Request.",
"format": "uuid"
}
}
],
"responses": {
"200": {
"description": "Success",
"content": {
"text/plain": {
"schema": {
"type": "boolean"
}
},
"application/json": {
"schema": {
"type": "boolean"
}
},
"text/json": {
"schema": {
"type": "boolean"
}
}
}
},
"400": {
"description": "Bad Request",
"content": {
"text/plain": {
"schema": {
"type": "string"
}
},
"application/json": {
"schema": {
"type": "string"
}
},
"text/json": {
"schema": {
"type": "string"
}
}
}
},
"401": {
"description": "Unauthorized",
"content": {
"text/plain": {
"schema": {
"type": "object",
"additionalProperties": false
}
},
"application/json": {
"schema": {
"type": "object",
"additionalProperties": false
}
},
"text/json": {
"schema": {
"type": "object",
"additionalProperties": false
}
}
}
}
}
}
},
"/api/utilization/eam/{eamRequestId}/hasAvailableData": {
"get": {
"tags": [
"EamUtilization"
],
"summary": "Returns a boolean indicating if the specified EAM request has utilization data on UTS",
"parameters": [
{
"name": "eamRequestId",
"in": "path",
"description": "Id for EAM Request",
"required": true,
"schema": {
"type": "string",
"description": "Id for EAM Request",
"format": "uuid"
}
}
],
"responses": {
"200": {
"description": "Success"
}
}
}
},
"/api/utilization/eam/{eamRequestId}/availableData": {
"get": {
"tags": [
"EamUtilization"
],
"summary": "Returns utilization data for an specific EAM Request in an Aggregate form ErpMaestro.UtilizationTracking.Common.Models.AggregateUtilizationResponse",
"parameters": [
{
"name": "eamRequestId",
"in": "path",
"required": true,
"schema": {
"type": "string",
"format": "uuid"
}
}
],
"responses": {
"200": {
"description": "Success"
}
}
}
},
"/api/utilization/eam/{erpSystemId}/{eamRequestId}": {
"post": {
"tags": [
"EamUtilization"
],
"summary": "Upload and process utilization data for an EAM request after validate the relation between the Erp System and the EAM request",
"parameters": [
{
"name": "erpSystemId",
"in": "path",
"description": "",
"required": true,
"schema": {
"type": "integer",
"description": "",
"format": "int32"
}
},
{
"name": "eamRequestId",
"in": "path",
"description": "",
"required": true,
"schema": {
"type": "string",
"description": "",
"format": "uuid"
}
}
],
"requestBody": {
"content": {
"multipart/form-data": {
"schema": {
"type": "object",
"properties": {
"contentType": {
"type": "string",
"nullable": true
},
"contentDisposition": {
"type": "string",
"nullable": true
},
"headers": {
"type": "object",
"additionalProperties": {
"type": "array",
"items": {
"type": "string"
}
},
"nullable": true
},
"length": {
"type": "integer",
"format": "int64"
},
"name": {
"type": "string",
"nullable": true
},
"fileName": {
"type": "string",
"nullable": true
}
}
},
"encoding": {
"contentType": {
"style": "form"
},
"contentDisposition": {
"style": "form"
},
"headers": {
"style": "form"
},
"length": {
"style": "form"
},
"name": {
"style": "form"
},
"fileName": {
"style": "form"
}
}
}
}
},
"responses": {
"200": {
"description": "Success"
}
}
}
}
},
"components": {
"schemas": {
"ErpMaestro.UtilizationTracking.Common.Models.ChangeDocumentModel": {
"type": "object",
"properties": {
"id": {
"type": "integer",
"format": "int64"
},
"emergencyAccessRequestId": {
"type": "string",
"format": "uuid"
},
"erpSystemId": {
"type": "integer",
"format": "int32"
},
"documentData": {
"type": "string",
"nullable": true
},
"createdDateUtc": {
"type": "string",
"format": "date-time"
},
"createdBy": {
"type": "string",
"nullable": true
},
"updatedDateUtc": {
"type": "string",
"format": "date-time",
"nullable": true
},
"updatedBy": {
"type": "string",
"nullable": true
}
},
"additionalProperties": false
}
}
}
}

85
api-specs/idn/beta/paths/access-profile-bulk-delete.yaml Normal file
View File

@@ -0,0 +1,85 @@
post:
operationId: deleteAccessProfilesInBulk
summary: Delete Access Profile(s)
tags:
- Access Profiles
description: >-
This API initiates a bulk deletion of one or more Access Profiles.
By default, if any of the indicated Access Profiles are in use, no deletions will be performed and the **inUse**
field of the response indicates the usages that must be removed first. If the request field **bestEffortOnly** is
**true**, however, usages are reported in the **inUse** response field but all other indicated Access Profiles will
be deleted.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition,
a SOURCE_SUBADMIN may only use this API to delete Access Profiles which are associated with Sources they are able
to administer.
requestBody:
required: true
content:
application/json:
schema:
$ref: '../../v3/schemas/access/AccessProfileBulkDeleteRequest.yaml'
example:
{
"bestEffortOnly": true,
"accessProfileIds": [ "2c91808876438bb2017668b91919ecca","2c91808876438ba801766e129f151816" ]
}
responses:
'200':
description: Returned only if **bestEffortOnly** is **false**, and one or more Access Profiles are in use.
content:
application/json:
schema:
$ref: '../../v3/schemas/access/AccessProfileBulkDeleteResponse.yaml'
example:
{
"pending": [],
"inUse": [
{
"accessProfileId": "2c91808876438ba801766e129f151816",
"usages": [
{
"type": "Role",
"id": "2c9180887643764201766e9f6e121518"
}
]
}
]
}
'202':
description: Returned if at least one deletion will be performed.
content:
application/json:
schema:
$ref: '../../v3/schemas/access/AccessProfileBulkDeleteResponse.yaml'
example:
{
"taskId":"2c91808a7813090a01781412a1119a20",
"pending":["2c91808a7813090a017813fe1919ecca"],
"inUse": [
{
"accessProfileId": "2c91808876438ba801766e129f151816",
"usages": [
{
"type": "Role",
"id": "2c9180887643764201766e9f6e121518"
}
]
}
]
}
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
security:
- oauth2: [idn:access-profile:manage]

90
api-specs/idn/beta/paths/access-profile-entitlements.yaml Normal file
View File

@@ -0,0 +1,90 @@
get:
operationId: getAccessProfileEntitlements
tags:
- Access Profiles
summary: List Access Profile's Entitlements
description: >-
This API lists the Entitlements associated with a given Access Profile
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In
addition, a token with SOURCE_SUBADMIN authority must have access to the Source associated with the given
Access Profile
parameters:
- name: id
in: path
description: ID of the containing Access Profile
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following Entitlement fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**attribute**: *eq, sw*
**value**: *eq, sw*
**created, modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**source.id**: *eq, in*
example: attribute eq "memberOf"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, attribute, value, created, modified**
example: name,-modified
required: false
responses:
'200':
description: List of Entitlements
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/Entitlement.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
security:
- oauth2: [idn:access-profile:read, idn:access-profile:manage]

184
api-specs/idn/beta/paths/access-profile.yaml Normal file
View File

@@ -0,0 +1,184 @@
get:
operationId: getAccessProfile
tags:
- Access Profiles
summary: Get an Access Profile
description: >-
This API returns an Access Profile by its ID.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to
call this API.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: >-
ID of the Access Profile
example: 2c9180837ca6693d017ca8d097500149
responses:
'200':
description: An AccessProfile
content:
application/json:
schema:
$ref: '../../v3/schemas/access/AccessProfile.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
security:
- oauth2: [idn:access-profile:read, idn:access-profile:manage]
patch:
operationId: patchAccessProfile
tags:
- Access Profiles
summary: Patch a specified Access Profile
description: >-
This API updates an existing Access Profile. The following fields are patchable:
**name**, **description**, **enabled**, **owner**, **requestable**,
**accessRequestConfig**, **revokeRequestConfig**, **segments**, **entitlements**, **provisioningCriteria**
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to call this API. In addition, a
SOURCE_SUBADMIN may only use this API to patch Access Profiles which are associated with Sources they are able to
administer.
> The maximum supported length for the description field is 2000 characters.
Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
> You can only add or replace **entitlements** that exist on the source that the access profile is attached to.
You can use the **list entitlements** endpoint with the **filters** query parameter to get a list of available entitlements on the access profile's source.
> Patching the value of the **requestable** field is only supported for customers enabled with the new Request
Center. Otherwise, attempting to modify this field results in a 400 error.
parameters:
- name: id
in: path
description: ID of the Access Profile to patch
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
requestBody:
content:
application/json-patch+json:
schema:
type: array
items:
$ref: '../schemas/JsonPatchOperation.yaml'
examples:
Add Entitlements:
description: Add one or more entitlements to the end of the list
value:
- op: add
path: /entitlements
value:
- id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Insert Entitlement:
description: Add an entitlement at the beginning of the entitlement list
value:
- op: add
path: /entitlements/0
value:
id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Replace Entitlements:
description: Replace all entitlements with a new list of entitlements
value:
- op: replace
path: /entitlements
value:
- id: 2c9180857725c14301772a93bb77242d
type: ENTITLEMENT
name: AD User Group
Remove Entitlement:
description: Remove the first entitlement in the list
value:
- op: remove
path: /entitlements/0
required: true
responses:
'200':
description: Responds with the Access Profile as updated.
content:
application/json:
schema:
$ref: '../../v3/schemas/access/AccessProfile.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
security:
- oauth2: [idn:access-profile:manage]
delete:
operationId: deleteAccessProfile
tags:
- Access Profiles
summary: Delete the specified Access Profile
description: >-
This API deletes an existing Access Profile.
The Access Profile must not be in use. If it is, a 400 error is returned.
A token with API, ORG_ADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to invoke this API. In addition,
a SOURCE_SUBADMIN token must be able to administer the Source associated with the Access Profile.
parameters:
- name: id
in: path
description: ID of the Access Profile to delete
required: true
schema:
type: string
example: 2c91808a7813090a017814121919ecca
responses:
'204':
$ref: "../../v3/responses/204.yaml"
'400':
description: Returned when an access profile cannot be deleted as it's being used.
content:
application/json:
schema:
$ref: '../../v3/schemas/ErrorResponseDto.yaml'
examples:
400.2.1.0 Object in use by another:
description: Returned when an access profile cannot be deleted as it's being used
value:
detailCode: 400.2.1.0 Object in use by another
trackingId: c9c1033c55b84ebc9e93e926dcf8b8b3
messages:
- locale: en-US
localeOrigin: DEFAULT
text: The "testAccessProfile" access profile can't be deleted because it's in use.
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
security:
- oauth2: [idn:access-profile:manage]

24
api-specs/idn/beta/paths/access-profiles-cleanup.yaml Normal file
View File

@@ -0,0 +1,24 @@
post:
operationId: cleanupAccessProfiles
summary: Cleanup invalid access profiles.
description: >-
Used by internal services to cleanup invalid access profiles in the system. An access profile is considered invalid,
if it contains no valid entitlements. The references to the deleted entitlements should be cleaned up from the
invalid access profiles. Then the access profiles are disabled. According to the current implementation, this API is
scheduled to be called by a periodic task once a day at 12:00 AM.
tags:
- Internal Use Only
responses:
'204':
$ref: '../../v3/responses/204.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

153
api-specs/idn/beta/paths/access-profiles.yaml Normal file
View File

@@ -0,0 +1,153 @@
get:
operationId: listAccessProfiles
tags:
- Access Profiles
summary: List Access Profiles
description: >-
This API returns a list of Access Profiles.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to
call this API.
parameters:
- in: query
name: for-subadmin
schema:
type: string
description: >-
If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN or
SOURCE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value **me**,
which is shorthand for the calling Identity's ID.
A 400 Bad Request error is returned if the **for-subadmin** parameter is specified for an Identity that is not
a subadmin.
example: 8c190e6787aa4ed9a90bd9d5344523fb
required: false
- $ref: '../../v3/parameters/limit50.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**created, modified**: *gt, lt, ge, le*
**owner.id**: *eq, in*
**requestable**: *eq*
**source.id**: *eq, in*
example: name eq "SailPoint Support"
required: false
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
example: name,-modified
required: false
- in: query
name: for-segment-ids
schema:
type: string
format: comma-separated
description: >-
If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s)
with the specified IDs.
If segmentation is currently unavailable, specifying this parameter results in an error.
example: 0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d
required: false
- in: query
name: include-unsegmented
schema:
type: boolean
default: true
description: >-
Whether or not the response list should contain unsegmented Access Profiles.
If *for-segment-ids* is absent or empty, specifying *include-unsegmented* as false results in an error.
example: false
required: false
responses:
'200':
description: List of Access Profiles
content:
application/json:
schema:
type: array
items:
$ref: '../../v3/schemas/access/AccessProfile.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
security:
- oauth2: [idn:access-profile:read, idn:access-profile:manage]
post:
operationId: createAccessProfile
tags:
- Access Profiles
summary: Create an Access Profile
description: >-
This API creates an Access Profile.
A token with API, ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN authority is required to
call this API. In addition, a token with only ROLE_SUBADMIN or SOURCE_SUBADMIN authority must be associated with the
Access Profile's Source.
The maximum supported length for the description field is 2000 characters.
Longer descriptions will be preserved for existing access profiles, however, any new access profiles as well as any updates to existing descriptions will be limited to 2000 characters.
requestBody:
required: true
content:
application/json:
schema:
$ref: '../../v3/schemas/access/AccessProfile.yaml'
responses:
'201':
description: Access Profile created
content:
application/json:
schema:
$ref: '../../v3/schemas/access/AccessProfile.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
security:
- oauth2: [idn:access-profile:manage]

49
api-specs/idn/beta/paths/access-request-approval-summary.yaml Normal file
View File

@@ -0,0 +1,49 @@
get:
operationId: getAccessRequestApprovalSummary
summary: Get the number of pending, approved and rejected access requests approvals
tags:
- Access Request Approvals
description: >-
This endpoint returns the number of pending, approved and rejected access requests approvals.
See "owner-id" query parameter below for authorization info.
parameters:
- in: query
name: owner-id
schema:
type: string
description: >-
The id of the owner or approver identity of the approvals. If present, the value returns approval summary for the specified identity.
* ORG_ADMIN users can call this with any identity ID value.
* ORG_ADMIN user can also fetch all the approvals in the org, when owner-id is not used.
* Non ORG_ADMIN users can only specify *me* or pass their own identity ID value.
- in: query
name: from-date
schema:
type: string
description: >-
From date is the date and time from which the results will be shown. It should be in a valid ISO-8601 format
example: from-date=2020-03-19T19:59:11Z
responses:
'200':
description: Number of pending, approved, rejected access request approvals.
content:
application/json:
schema:
$ref: '../schemas/ApprovalSummary.yaml'
'400':
description: Client Error - Returned if the query parameter is invalid.
content:
application/json:
schema:
$ref: '../../v3/schemas/ErrorResponseDto.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

41
api-specs/idn/beta/paths/access-roles-change-segment-assignments.yaml Normal file
View File

@@ -0,0 +1,41 @@
post:
operationId: accessRolesChangeSegmentAssignments
tags:
- Segments
summary: Change Segment assignments.
description: >-
This API allows to change the Segment assignments for roles and access-profiles.
No more than 50 changes can be made in a single call. A 400 error will result if more changes than that are
specified.
Note that segmentation changes may take time to propagate through the system.
A token with ORG_ADMIN or API authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/AccessRolesChangeSegmentAssignments.yaml'
responses:
'202':
description: Accepted for processing, indicates no errors detected.
$ref: '../../v3/responses/202.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
security:
- oauth2: [idn:segments:manage]

90
api-specs/idn/beta/paths/account-activities.yaml Normal file
View File

@@ -0,0 +1,90 @@
get:
operationId: listAccountActivities
tags:
- Account Activities
summary: List Account Activities
description: >-
This gets a collection of account activities that satisfy the given query parameters.
parameters:
- in: query
name: requested-for
schema:
type: string
description: >-
The identity that the activity was requested for. *me* indicates the current user. Mutually exclusive with
*regarding-identity*.
required: false
- in: query
name: requested-by
schema:
type: string
description: >-
The identity that requested the activity. *me* indicates the current user. Mutually exclusive with
*regarding-identity*.
required: false
- in: query
name: regarding-identity
schema:
type: string
description: >-
The specified identity will be either the requester or target of the account activity. *me* indicates the
current user. Mutually exclusive with *requested-for* and *requested-by*.
required: false
- in: query
name: type
schema:
type: string
description: The type of account activity.
required: false
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**type**: *eq, in*
**created**: *gt, lt, ge, le*
**modified**: *gt, lt, ge, le*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **type, created, modified**
responses:
'200':
description: List of account activities
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/CancelableAccountActivity.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

36
api-specs/idn/beta/paths/account-activity.yaml Normal file
View File

@@ -0,0 +1,36 @@
get:
operationId: getAccountActivity
tags:
- Account Activities
summary: Get Account Activity
description: >-
This gets a single account activity by its id.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account activity id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: An account activity object
content:
application/json:
schema:
$ref: '../schemas/CancelableAccountActivity.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

49
api-specs/idn/beta/paths/account-aggregation-status.yaml Normal file
View File

@@ -0,0 +1,49 @@
get:
operationId: getAccountAggregationStatus
tags:
- Account Aggregations
summary: In-progress Account Aggregation status
description: >-
This API returns the status of an *in-progress* account aggregation, along with the total number of **NEW**,
**CHANGED** and **DELETED** accounts found since the previous aggregation, and the number of those accounts that
have been processed so far.
Accounts that have not changed since the previous aggregation are not included in **totalAccounts** and
**processedAccounts** counts returned by this API. This is distinct from **Accounts Scanned** shown in the
Aggregation UI, which indicates total accounts scanned regardless of whether they changed or not.
Since this endpoint reports on the status of an *in-progress* account aggregation, totalAccounts and
processedAccounts may change between calls to this endpoint.
*Only available up to an hour after the aggregation completes. May respond with *404 Not Found* after that.*
A token with ORG_ADMIN, SOURCE_ADMIN, SOURCE_SUBADMIN or DASHBOARD authority is required to call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account aggregation id
example: 2c91808477a6b0c60177a81146b8110b
responses:
'200':
description: An account aggregation status object
content:
application/json:
schema:
$ref: '../schemas/AccountAggregationStatus.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

50
api-specs/idn/beta/paths/account-usages.yaml Normal file
View File

@@ -0,0 +1,50 @@
get:
tags:
- Account Usages
summary: Returns account usage insights
description: >-
This API returns summary of account usage insights for past 12 months.
operationId: getUsagesByAccountId
parameters:
- name: accountId
in: path
description: ID of IDN account
required: true
schema:
type: string
example: 'ef38f94347e94562b5bb8424a56397d8'
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **date**
example: -date
security:
- oauth2: [ idn:accounts:read ]
responses:
'200':
description: Summary of account usage insights for past 12 months.
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/AccountUsage.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

170
api-specs/idn/beta/paths/account.yaml Normal file
View File

@@ -0,0 +1,170 @@
get:
operationId: getAccount
tags:
- Accounts
summary: Account Details
description: >-
This API returns the details for a single account based on the ID.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts:read, idn:accounts:manage]
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account ID
example: ef38f94347e94562b5bb8424a56397d8
responses:
"200":
description: An account object
content:
application/json:
schema:
$ref: "../schemas/Account.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
patch:
operationId: updateAccount
tags:
- Accounts
summary: Update Account
description: >-
This updates account details.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts:manage]
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
description: >-
A list of account update operations according to the [JSON
Patch](https://tools.ietf.org/html/rfc6902) standard.
content:
application/json-patch+json:
schema:
type: array
items:
type: object
example:
- op: "replace"
path: "/identityId"
value: "2c9180845d1edece015d27a975983e21"
responses:
"202":
description: Accepted. Update request accepted and is in progress.
$ref: "../../v3/responses/202.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
put:
operationId: putAccount
tags:
- Accounts
summary: Update Account
description: >-
This API submits an account update task and returns the task ID.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts:manage]
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
$ref: "../schemas/AccountAttributes.yaml"
responses:
"202":
description: Async task details
content:
application/json:
schema:
$ref: "../schemas/AccountsAsyncResult.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
delete:
operationId: deleteAccount
tags:
- Accounts
summary: Delete Account
description: >-
This API submits an account delete task and returns the task ID.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts:manage]
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account ID
example: ef38f94347e94562b5bb8424a56397d8
responses:
"202":
description: Async task details
content:
application/json:
schema:
$ref: "../schemas/AccountsAsyncResult.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"

44
api-specs/idn/beta/paths/accounts-id-disable.yaml Normal file
View File

@@ -0,0 +1,44 @@
post:
operationId: disableAccount
tags:
- Accounts
summary: Disable Account
description: >-
This API submits a task to disable the account and returns the task ID.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts-state:manage]
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/AccountToggleRequest.yaml'
responses:
'202':
description: Async task details
content:
application/json:
schema:
$ref: '../schemas/AccountsAsyncResult.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

44
api-specs/idn/beta/paths/accounts-id-enable.yaml Normal file
View File

@@ -0,0 +1,44 @@
post:
operationId: enableAccount
tags:
- Accounts
summary: Enable Account
description: >-
This API submits a task to enable account and returns the task ID.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts-state:manage]
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/AccountToggleRequest.yaml'
responses:
'202':
description: Async task details
content:
application/json:
schema:
$ref: '../schemas/AccountsAsyncResult.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

43
api-specs/idn/beta/paths/accounts-id-entitlements.yaml Normal file
View File

@@ -0,0 +1,43 @@
get:
operationId: getAccountEntitlements
tags:
- Accounts
summary: Account Entitlements
description: >-
This API returns entitlements of the account.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts:read]
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/count.yaml'
responses:
'200':
description: An array of account entitlements
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/Entitlement.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

38
api-specs/idn/beta/paths/accounts-id-reload.yaml Normal file
View File

@@ -0,0 +1,38 @@
post:
operationId: reloadAccount
tags:
- Accounts
summary: Reload Account
description: >-
This API asynchronously reloads the account directly from the connector and performs a one-time aggregation process.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts-state:manage]
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
description: Async task details
content:
application/json:
schema:
$ref: '../schemas/AccountsAsyncResult.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

44
api-specs/idn/beta/paths/accounts-id-unlock.yaml Normal file
View File

@@ -0,0 +1,44 @@
post:
operationId: unlockAccount
tags:
- Accounts
summary: Unlock Account
description: >-
This API submits a task to unlock an account and returns the task ID.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts-state:manage]
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The account id
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/AccountUnlockRequest.yaml'
responses:
'202':
description: Async task details
content:
application/json:
schema:
$ref: '../schemas/AccountsAsyncResult.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

164
api-specs/idn/beta/paths/accounts.yaml Normal file
View File

@@ -0,0 +1,164 @@
get:
operationId: listAccounts
tags:
- Accounts
summary: Accounts List
description: >-
This returns a list of accounts.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts:read, idn:accounts:manage]
parameters:
- in: query
name: detailLevel
schema:
type: string
enum: [ SLIM, FULL ]
description: >-
Determines whether Slim, or increased level of detail is provided for each account in the returned list.
FULL is the default behavior.
example: FULL
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
example: identityId eq "2c9180858082150f0180893dbaf44201"
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**identityId**: *eq*
**name**: *eq, in*
**nativeIdentity**: *eq, in*
**sourceId**: *eq, in*
**uncorrelated**: *eq*
- in: query
name: sorters
required: false
schema:
type: string
format: comma-separated
example: id,name
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **id**, **name**, **created**, **modified**
responses:
'200':
description: List of account objects
content:
application/json:
schema:
type: array
items:
anyOf:
- $ref: '../schemas/SlimAccount.yaml'
- $ref: '../schemas/FullAccount.yaml'
examples:
SlimAccounts:
description: List of slim accounts that would result with *detailLevel = SLIM*
value:
- "attributes": null
"created": "2021-09-28T02:15:44.644Z"
"description": null
"disabled": false
"features": "PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE"
"hasEntitlements": true
"id": "2c9180867c184ff6017c2a2fbf031667"
"identityId": "2c9180867c184ff6017c2a2fbf031666"
"locked": false
"manuallyCorrelated": false
"modified": "2021-09-28T02:16:12.207Z"
"name": "Geovanni.0a7cad6df"
"nativeIdentity": "CN=Geovanni 0a7cad6df,OU=hpun,OU=org-data-service,DC=TestAutomationAD,DC=local"
"sourceId": "2c91808b7c28b350017c2a2ec5790aa1"
"uuid": "{e4218fa4-da52-4bb0-aa41-d2dcc08a7ad8}"
FullAccounts:
description: List of slim accounts that would result with *detailLevel = FULL* or not specifying it
value:
- "attributes": null
"authoritative": true
"created": "2021-09-28T02:15:44.644Z"
"description": null
"disabled": false
"features": "PROVISIONING, GROUP_PROVISIONING, SYNC_PROVISIONING, AUTHENTICATE"
"hasEntitlements": true
"id": "2c9180867c184ff6017c2a2fbf031667"
"identityId": "2c9180867c184ff6017c2a2fbf031666"
"locked": false
"manuallyCorrelated": false
"modified": "2021-09-28T02:16:12.207Z"
"name": "Geovanni.0a7cad6df"
"nativeIdentity": "CN=Geovanni 0a7cad6df,OU=hpun,OU=org-data-service,DC=TestAutomationAD,DC=local"
"sourceId": "2c91808b7c28b350017c2a2ec5790aa1"
"systemAccount": false
"uncorrelated": false
"uuid": "{e4218fa4-da52-4bb0-aa41-d2dcc08a7ad8}"
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
post:
operationId: createAccount
tags:
- Accounts
summary: Create Account
description: >-
This API submits an account creation task and returns the task ID.
The `sourceId` where this account will be created must be included in the `attributes` object.
A token with ORG_ADMIN authority is required to call this API.
security:
- oauth2: [idn:accounts:manage]
requestBody:
required: true
content:
application/json:
schema:
$ref: "../schemas/AccountAttributesCreate.yaml"
responses:
'202':
description: Async task details
content:
application/json:
schema:
$ref: '../schemas/AccountsAsyncResult.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

91
api-specs/idn/beta/paths/ai-access-request-recommendations-ignored.yaml Normal file
View File

@@ -0,0 +1,91 @@
post:
operationId: addAccessRequestRecommendationsIgnoredItem
tags:
- IAI Access Request Recommendations
summary: Notification of Ignored Access Request Recommendations
description: >-
This API ignores a recommended access request item.
Once an item is ignored, it will be marked as ignored=true if it is still a recommended item.
The consumer can decide to hide ignored recommendations.
requestBody:
description: The recommended access item to ignore for an identity.
required: true
content:
application/json:
schema:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemDto.yaml'
responses:
'201':
description: Recommendation successfully stored as ignored.
content:
application/json:
schema:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemResponseDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
get:
operationId: getAccessRequestRecommendationsIgnoredItems
tags:
- IAI Access Request Recommendations
summary: List of Ignored Access Request Recommendations
description: >-
This API returns the list of ignored access request recommendations.
parameters:
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.id**: *eq, in*
**access.type**: *eq, in*
**identityId**: *eq, in*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp**
responses:
'200':
description: Returns list of ignored access request recommendations.
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemResponseDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

91
api-specs/idn/beta/paths/ai-access-request-recommendations-requested.yaml Normal file
View File

@@ -0,0 +1,91 @@
post:
operationId: addAccessRequestRecommendationsRequestedItem
tags:
- IAI Access Request Recommendations
summary: Notification of Requested Access Request Recommendations
description: >-
This API consumes a notification that a recommended access
request item was requested. This API does not actually make the request, it is just a notification.
This will help provide feedback in order to improve our recommendations.
requestBody:
description: The recommended access item that was requested for an identity.
required: true
content:
application/json:
schema:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemDto.yaml'
responses:
'201':
description: Notification successfully acknowledged.
content:
application/json:
schema:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemResponseDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
get:
operationId: getAccessRequestRecommendationsRequestedItems
tags:
- IAI Access Request Recommendations
summary: List of Requested Access Request Recommendations
description: >-
This API returns a list of requested access request recommendations.
parameters:
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.id**: *eq, in*
**access.type**: *eq, in*
**identityId**: *eq, in*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp**
responses:
'200':
description: Returns the list of requested access request recommendations.
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemResponseDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

37
api-specs/idn/beta/paths/ai-access-request-recommendations-viewed-bulk-create.yaml Normal file
View File

@@ -0,0 +1,37 @@
post:
operationId: addAccessRequestRecommendationsViewedItems
tags:
- IAI Access Request Recommendations
summary: Notification of Viewed Access Request Recommendations in Bulk
description: >-
This API consumes a notification that a set of recommended access request item were viewed.
Future recommendations with these items will be marked with viewed=true. This can be useful for the
consumer to determine if there are any new/unviewed recommendations.
requestBody:
description: The recommended access items that were viewed for an identity.
required: true
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemDto.yaml'
responses:
'201':
description: Recommendations successfully stored as viewed.
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemResponseDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

91
api-specs/idn/beta/paths/ai-access-request-recommendations-viewed.yaml Normal file
View File

@@ -0,0 +1,91 @@
post:
operationId: addAccessRequestRecommendationsViewedItem
tags:
- IAI Access Request Recommendations
summary: Notification of Viewed Access Request Recommendations
description: >-
This API consumes a notification that a recommended access request item was viewed.
Future recommendations with this item will be marked with viewed=true. This can be useful for the
consumer to determine if there are any new/unviewed recommendations.
requestBody:
description: The recommended access that was viewed for an identity.
required: true
content:
application/json:
schema:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemDto.yaml'
responses:
'201':
description: Recommendation successfully stored as viewed.
content:
application/json:
schema:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemResponseDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
get:
operationId: getAccessRequestRecommendationsViewedItems
tags:
- IAI Access Request Recommendations
summary: List of Viewed Access Request Recommendations
description: >-
This API returns the list of viewed access request recommendations.
parameters:
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.id**: *eq, in*
**access.type**: *eq, in*
**identityId**: *eq, in*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.id, access.type, identityId, timestamp**
responses:
'200':
description: Returns list of viewed access request recommendations.
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/AccessRequestRecommendationActionItemResponseDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

88
api-specs/idn/beta/paths/ai-access-request-recommendations.yaml Normal file
View File

@@ -0,0 +1,88 @@
get:
operationId: getAccessRequestRecommendations
tags:
- IAI Access Request Recommendations
summary: Identity Access Request Recommendations
description: >-
This API returns the access request recommendations for the specified identity. The default identity is *me* which indicates the current user.
parameters:
- in: query
name: identity-id
description: >-
Get access request recommendations for an identityId. *me* indicates the current user.
schema:
type: string
default: me
required: false
example: 2c91808570313110017040b06f344ec9
- in: query
name: limit
description: >-
Max number of results to return.
required: false
schema:
type: integer
minimum: 0
maximum: 15
default: 15
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: include-translation-messages
description: >-
If *true* it will populate a list of translation messages in the response.
schema:
type: boolean
default: false
required: false
example: false
- in: query
name: filters
schema:
type: string
description: >-
Filter recommendations using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**access.name**: *co*
**access.type**: *eq, in*
**access.description**: *co*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **access.name, access.type**
By default the recommendations are sorted by highest confidence first.
responses:
'200':
description: List of access request recommendations for the identityId
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/AccessRequestRecommendationItemDetail.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

35
api-specs/idn/beta/paths/approve-access-request-approval.yaml Normal file
View File

@@ -0,0 +1,35 @@
post:
operationId: approveAccessRequest
summary: Approves an access request approval.
tags:
- Access Request Approvals
description: >-
This endpoint approves an access request approval. Only the owner of the approval and ORG_ADMIN users are allowed to perform this action.
parameters:
- in: path
name: approvalId
schema:
type: string
required: true
description: The id of the approval.
example: 2c91808b7294bea301729568c68c002e
requestBody:
description: Reviewer's comment.
required: false
content:
application/json:
schema:
$ref: "../schemas/CommentDto.yaml"
responses:
'202':
$ref: '../../v3/responses/202.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

34
api-specs/idn/beta/paths/assign-verified-from-addresses.yaml Normal file
View File

@@ -0,0 +1,34 @@
post:
operationId: assignVerifiedFromAddresses
tags:
- Notifications
summary: Assign Verified From Address
description: >-
Assign pre-existing verified, From email address to current tenant.
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/EmailStatusDto.yaml'
example:
email: "sender@example.com"
responses:
'201':
description: Verified Email Status
content:
application/json:
schema:
$ref: '../schemas/EmailStatusDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

84
api-specs/idn/beta/paths/attr-sync-config-source.yaml Normal file
View File

@@ -0,0 +1,84 @@
get:
operationId: getSourceAttrSyncConfig
tags:
- Sources
summary: Attribute Sync Config
description: >-
This API returns the existing attribute synchronization configuration for a source specified by the
given ID. The response contains all attributes, regardless of whether they enabled or not.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: Attribute synchronization configuration for a source
content:
application/json:
schema:
$ref: '../schemas/AttrSyncSourceConfig.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
put:
operationId: putSourceAttrSyncConfig
tags:
- Sources
summary: Update Attribute Sync Config
description: >-
Replaces the attribute synchronization configuration for the source specified by the given ID with the
configuration provided in the request body. Only the "enabled" field of the values in the "attributes"
array is mutable. Attempting to change other attributes or add new values to the "attributes" array
will result in an error.
A token with ORG_ADMIN authority is required to call this API.
parameters:
- in: path
name: id
required: true
schema:
type: string
description: The source id
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/AttrSyncSourceConfig.yaml'
responses:
'200':
description: Updated attribute synchronization configuration for a source
content:
application/json:
schema:
$ref: '../schemas/AttrSyncSourceConfig.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

107
api-specs/idn/beta/paths/attr-sync-config-tenant.yaml Normal file
View File

@@ -0,0 +1,107 @@
get:
operationId: getTenantAttrSyncConfig
tags:
- Attribute Synchronization
summary: Tenant Attribute Sync Config
description: >-
This API returns the attribute synchronization configuration for a tenant. The response contains
configuration data for individual identity attributes and the corresponding target sources that
should be sychronized when a value changes.
A token with ORG_ADMIN authority is required to call this API.
responses:
'200':
description: Attribute synchronization configuration for a tenant
content:
application/json:
schema:
$ref: '../schemas/AttrSyncTenantConfig.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
post:
operationId: createTenantAttrSyncConfig
tags:
- Attribute Synchronization
summary: New Tenant Attribute Sync Config
description: >-
This API creates a new attribute synchronization configuration for a tenant. The payload contains
configuration data for individual identity attributes and the corresponding target sources that
should be sychronized when a value changes.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/AttrSyncTenantConfig.yaml'
responses:
'200':
description: Newly created attribute synchronization configuration for a tenant
content:
application/json:
schema:
$ref: '../schemas/AttrSyncTenantConfig.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
put:
operationId: replaceTenantAttrSyncConfig
tags:
- Attribute Synchronization
summary: Update Tenant Attribute Sync Config
description: >-
This API replaces an existing attribute synchronization configuration for a tenant. Only the
"attributes" property is mutable. The "attributes" property contains the synchronization configuration
for the individual identity attributes and the corresponding target sources that should be
synchronized when a value changes.
A token with ORG_ADMIN authority is required to call this API.
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/AttrSyncTenantConfig.yaml'
responses:
'200':
description: Updated attribute synchronization configuration for a tenant
content:
application/json:
schema:
$ref: '../schemas/AttrSyncTenantConfig.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

26
api-specs/idn/beta/paths/auth-org-config.yaml Normal file
View File

@@ -0,0 +1,26 @@
get:
operationId: getAuthOrgConfig
tags:
- Auth Org Configuration
summary: Get Auth Org Configuration
description: >-
This gets the details of an org's auth configuration.
Requires security scope of: 'sp:auth-org:read'
responses:
'200':
description: Auth org configuration for the tenant.
content:
application/json:
schema:
$ref: '../schemas/AuthOrgConfiguration.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
# security:
# - oauth2: [sp:auth-org:read]

115
api-specs/idn/beta/paths/auth-org-lockout-config.yaml Normal file
View File

@@ -0,0 +1,115 @@
get:
operationId: getAuthOrgLockoutConfig
tags:
- Auth Org Configuration
summary: Get the org's auth org lockout configuration.
description: >-
This API returns the details of an org's lockout auth configuration.
Requires security scope of: 'sp:auth-org:read'
responses:
"200":
description: Lockout configuration for the tenant's auth org.
content:
application/json:
schema:
$ref: "../schemas/LockoutConfiguration.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
post:
operationId: createAuthOrgLockoutConfig
tags:
- Auth Org Configuration
summary: Create the org's auth org lockout configuration.
description: >-
This API returns the details of an org's lockout auth configuration.
Requires security scope of: 'sp:auth-org:create'
requestBody:
required: true
description: >-
Lockout configuration creation request body. The following constraints
ensure the request body conforms to certain logical guidelines, which are:
1. maximumAttempts >= 1 && maximumAttempts <= 15
2. lockoutDuration >= 5 && lockoutDuration <= 60
3. lockoutWindow >= 5 && lockoutDuration <= 60
content:
application/json:
schema:
$ref: "../schemas/LockoutConfiguration.yaml"
responses:
"200":
description: Lockout configuration for the tenant.
content:
application/json:
schema:
$ref: "../schemas/LockoutConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:create]
patch:
operationId: patchAuthOrgLockoutConfig
tags:
- Auth Org Configuration
summary: Update the org's auth org lockout configuration
description: >-
This API updates an existing lockout configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
A list of auth org lockout configuration update operations according to
the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Lockout Config conforms to certain logical
guidelines, which are:
1. maximumAttempts >= 1 && maximumAttempts <= 15
2. lockoutDuration >= 5 && lockoutDuration <= 60
3. lockoutWindow >= 5 && lockoutDuration <= 60
content:
application/json-patch+json:
schema:
type: array
items:
$ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/maximumAttempts"
value: 7,
- op: "add"
path: "/lockoutDuration"
value: 35
responses:
"200":
description: Updated Auth Org lockout configuration.
content:
application/json:
schema:
$ref: "../schemas/LockoutConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]

117
api-specs/idn/beta/paths/auth-org-network-config.yaml Normal file
View File

@@ -0,0 +1,117 @@
get:
operationId: getAuthOrgNetworkConfig
tags:
- Auth Org Configuration
summary: Get the org's auth org network configuration.
description: >-
This API returns the details of an org's network auth configuration.
Requires security scope of: 'sp:auth-org:read'
responses:
"200":
description: Network configuration for the tenant's auth org.
content:
application/json:
schema:
$ref: "../schemas/NetworkConfiguration.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
post:
operationId: createAuthOrgNetworkConfig
tags:
- Auth Org Configuration
summary: Create the org's auth org network configuration.
description: >-
This API returns the details of an org's network auth configuration.
Requires security scope of: 'sp:auth-org:create'
requestBody:
required: true
description: >-
Network configuration creation request body. The following constraints
ensure the request body conforms to certain logical guidelines, which are:
1. Each string element in the range array must be a valid ip address or
ip subnet mask.
2. Each string element in the geolocation array must be 2 characters,
and they can only be uppercase letters.
content:
application/json:
schema:
$ref: "../schemas/NetworkConfiguration.yaml"
responses:
"200":
description: Network configuration for the tenant.
content:
application/json:
schema:
$ref: "../schemas/NetworkConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:create]
patch:
operationId: patchAuthOrgNetworkConfig
tags:
- Auth Org Configuration
summary: Update the org's auth org network configuration
description: >-
This API updates an existing network configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
A list of auth org network configuration update operations according to
the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Network Config conforms to certain logical
guidelines, which are:
1. Each string element in the range array must be a valid ip address or
ip subnet mask.
2. Each string element in the geolocation array must be 2 characters,
and they can only be uppercase letters.
content:
application/json-patch+json:
schema:
type: array
items:
$ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/whitelisted"
value: false,
- op: "add"
path: "/geolocation"
value: ["AF", "HN", "ES"]
responses:
"200":
description: Updated Auth Org network configuration.
content:
application/json:
schema:
$ref: "../schemas/NetworkConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]

133
api-specs/idn/beta/paths/auth-org-service-provider-config.yaml Normal file
View File

@@ -0,0 +1,133 @@
get:
operationId: getAuthOrgServiceProviderConfig
tags:
- Auth Org Configuration
summary: Get Service Provider Configuration.
description: >-
This API returns the details of an org's service provider auth
configuration. Requires security scope of: 'sp:auth-org:read'
responses:
"200":
description: Service provider configuration for the tenant.
content:
application/json:
schema:
$ref: "../schemas/ServiceProviderConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
patch:
operationId: patchAuthOrgServiceProviderConfig
tags:
- Auth Org Configuration
summary: Update Service Provider Configuration
description: >-
This API updates an existing service provider configuration for an org using
PATCH. Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
A list of auth org service provider configuration update operations
according to the [JSON Patch](https://tools.ietf.org/html/rfc6902)
standard.
Note: /federationProtocolDetails/0 is IdpDetails
/federationProtocolDetails/1 is SpDetails
Ensures that the patched ServiceProviderConfig conforms to certain logical
guidelines, which are:
1. Do not add or remove any elements in the federation protocol details
in the service provider configuration.
2. Do not modify, add, or delete the service provider details element in
the federation protocol details.
3. If this is the first time the patched ServiceProviderConfig enables
Remote IDP sign-in, it must also include IDPDetails.
4. If the patch enables Remote IDP sign in, the entityID in the
IDPDetails cannot be null. IDPDetails must include an entityID.
5. Any JIT configuration update must be valid.
Just in time configuration update must be valid when enabled. This
includes:
- A Source ID
- Source attribute mappings
- Source attribute maps have all the required key values (firstName,
lastName, email)
content:
application/json-patch+json:
schema:
type: array
items:
$ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/enabled"
value: true,
- op: "add"
path: "/federationProtocolDetails/0/jitConfiguration"
value:
{
"enabled": true,
"sourceId": "2c9180857377ed2901739c12a2da5ac8",
"sourceAttributeMappings":
{
"firstName": "okta.firstName",
"lastName": "okta.lastName",
"email": "okta.email",
"employeeNumber": "okta.employeeNumber",
},
}
responses:
"200":
description: Auth Org Service Provider configuration updated.
content:
application/json:
schema:
$ref: "../schemas/ServiceProviderConfiguration.yaml"
"400":
description: Client Error - Returned if the request body is invalid.
content:
application/json:
schema:
$ref: "../../v3/schemas/ErrorResponseDto.yaml"
examples:
400.1 Bad Request Content:
description: Response for bad request content
value:
detailCode: 400.1 Bad Request Content
trackingId: e7eab60924f64aa284175b9fa3309599
messages:
- locale: en
localeOrigin: REQUEST
text: firstName is required; accountName is required;
400.1.3 Illegal value:
description: Response for Illegal value
value:
detailCode: 400.1.3 Illegal value
trackingId: e7eab60924f64aa284175b9fa3309599
messages:
- locale: en
localeOrigin: REQUEST
text: JIT source id is invalid.
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"429":
$ref: "../../v3/responses/429.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]

115
api-specs/idn/beta/paths/auth-org-session-config.yaml Normal file
View File

@@ -0,0 +1,115 @@
get:
operationId: getAuthOrgSessionConfig
tags:
- Auth Org Configuration
summary: Get the org's auth org session configuration.
description: >-
This API returns the details of an org's session auth configuration.
Requires security scope of: 'sp:auth-org:read'
responses:
"200":
description: Session configuration for the tenant's auth org.
content:
application/json:
schema:
$ref: "../schemas/SessionConfiguration.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:read]
post:
operationId: createAuthOrgSessionConfig
tags:
- Auth Org Configuration
summary: Create the org's auth org session configuration.
description: >-
This API returns the details of an org's session auth configuration.
Requires security scope of: 'sp:auth-org:create'
requestBody:
required: true
description: >-
Session configuration creation request body. The following constraints
ensure the request body conforms to certain logical guidelines, which are:
1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week)
2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day)
3. maxSessionTime must have a greater duration than maxIdleTime.
content:
application/json:
schema:
$ref: "../schemas/SessionConfiguration.yaml"
responses:
"200":
description: Session configuration for the tenant.
content:
application/json:
schema:
$ref: "../schemas/SessionConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:create]
patch:
operationId: patchAuthOrgSessionConfig
tags:
- Auth Org Configuration
summary: Update the org's auth org session configuration
description: >-
This API updates an existing session configuration for an org using PATCH
Requires security scope of: 'sp:auth-org:update'
requestBody:
required: true
description: >-
A list of auth org session configuration update operations according to
the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
Ensures that the patched Session Config conforms to certain logical
guidelines, which are:
1. maxSessionTime >= 1 && maxSessionTime <= 10080 (1 week)
2. maxIdleTime >= 1 && maxIdleTime <= 1440 (1 day)
3. maxSessionTime must have a greater duration than maxIdleTime.
content:
application/json-patch+json:
schema:
type: array
items:
$ref: "../schemas/JsonPatchOperation.yaml"
example:
- op: "replace"
path: "/rememberMe"
value: true,
- op: "add"
path: "/maxSessionTime"
value: 480
responses:
"200":
description: Updated Auth Org session configuration.
content:
application/json:
schema:
$ref: "../schemas/SessionConfiguration.yaml"
"400":
$ref: "../../v3/responses/400.yaml"
"401":
$ref: "../../v3/responses/401.yaml"
"403":
$ref: "../../v3/responses/403.yaml"
"404":
$ref: "../../v3/responses/404.yaml"
"500":
$ref: "../../v3/responses/500.yaml"
# security:
# - oauth2: [sp:auth-org:update]

45
api-specs/idn/beta/paths/auth-user-password.yaml Normal file
View File

@@ -0,0 +1,45 @@
post:
operationId: updateAuthUserPassword
tags:
- Auth User
summary: Auth User Password Update
description: Update a password of existing user in the authentication system by overwriting the password with new password.
# security:
# - oauth2: [sp:auth-user-password:update]
parameters:
- in: path
name: id
description: >-
Identity ID
required: true
schema:
type: string
requestBody:
required: true
description: |
Auth User Password Update Request. This overwrites the existing user password in the authentication system.
Requires security scope of 'sp:auth-user-password:update'
content:
application/json:
schema:
$ref: '../schemas/PasswordUpdateRequest.yaml'
responses:
'200':
description: Auth user updated.
content:
application/json:
schema:
$ref: '../schemas/AuthUser.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

180
api-specs/idn/beta/paths/auth-user.yaml Normal file
View File

@@ -0,0 +1,180 @@
get:
operationId: getAuthUser
tags:
- Auth User
summary: Auth User Details
description: >-
This API returns the specified user's authentication system details.
Requires security scope of: 'sp:auth-user:read'
parameters:
- in: path
name: id
description: >-
Identity ID
required: true
schema:
type: string
example: ef38f94347e94562b5bb8424a56397d8
# security:
# - oauth2: [sp:auth-user:read]
responses:
'200':
description: The specified user's authentication system details.
content:
application/json:
schema:
$ref: '../schemas/AuthUser.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
patch:
operationId: patchAuthUser
tags:
- Auth User
summary: Auth User Update - PATCH
description: Update an existing user in the authentication system with a PATCH request.
# security:
# - oauth2: [sp:auth-user:update]
parameters:
- in: path
name: id
description: >-
Identity ID
required: true
schema:
type: string
requestBody:
required: true
description: |
A list of auth user update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
PATCH can only be applied to the following fields:
* "capabilities"
A list of valid capabilities can be found using the GET ams/v3/authorization/authorization-capabilities/ endpoint.
Capabilities can only be patched if they are administrator assignable, as indicated by the 'adminAssignable' field from the output of list authorization-capabilities.
Capabilities that have a legacy group ('legacyGroup' field) need to be patched using the legacyGroup name (e.g. 'ORG_ADMIN').
Capabilities that are adminAssignable but do not have a legacyGroup can be patched using the ams id (e.g. 'cam:new-role').
A 400.1.1 Illegal update attempt detail code indicates that you attempted to PATCH a field that is not allowed.
Requires security scope of 'sp:auth-user:update'
content:
application/json-patch+json:
schema:
type: array
items:
$ref: '../schemas/JsonPatchOperation.yaml'
example:
- op: "replace"
path: "/capabilities"
value: ["ORG_ADMIN"]
responses:
'200':
description: Auth user updated.
content:
application/json:
schema:
$ref: '../schemas/AuthUser.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
put:
operationId: updateAuthUser
tags:
- Auth User
summary: Auth User Update - Overwrite
description: Update an existing user in the authentication system by over overwriting the information with new information.
# security:
# - oauth2: [sp:auth-user:update]
parameters:
- in: path
name: id
description: >-
Identity ID
required: true
schema:
type: string
requestBody:
required: true
description: |
Auth User Save Request. This overwrites the existing user details in the authentication system.
Requires security scope of 'sp:auth-user:update'
content:
application/json:
schema:
$ref: '../schemas/AuthUserSaveRequest.yaml'
responses:
'200':
description: Auth user updated.
content:
application/json:
schema:
$ref: '../schemas/AuthUser.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
delete:
operationId: deleteAuthUser
tags:
- Auth User
summary: Delete an Auth User
description: Delete an existing user in the authentication system.
# security:
# - oauth2: [sp:auth-user:delete]
parameters:
- in: path
name: id
description: >-
Identity ID
required: true
schema:
type: string
responses:
'204':
$ref: '../../v3/responses/204.yaml'
description: The user was successfully deleted from the authentication system.
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

27
api-specs/idn/beta/paths/auth.yaml Normal file
View File

@@ -0,0 +1,27 @@
post:
operationId: forgot-username
tags:
- Forgot Username
summary: Retrieve Forgotten Username
description: This API sends an email to allow a user to retrieve a forgotten username when a valid email address associated with a valid account is provided.
requestBody:
required: true
description: |
Forgotten username request. The username is sent by email to the provided address if the the mail is valid for the organization.
A token with anonymous authority can call this API.
content:
application/json:
schema:
$ref: '../schemas/ForgotUsernameRequest.yaml'
responses:
'202':
description: Accepted is always returned for a successfully formatted request, even if the email address is not
valid for the username. If the email address is valid, matches the username, and the username is enabled, a
notification is sent.
'400':
$ref: '../../v3/responses/400.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

43
api-specs/idn/beta/paths/authmfa/confirm-registration.yaml Normal file
View File

@@ -0,0 +1,43 @@
post:
operationId: authMfaConfirmRegistration
tags:
- Auth MFA
summary: Confirm a user's registration for MFA
description: >-
For a user who is not currently registered for MFA and who has just scanned
the QR code containing the TOTP URL provided by the /generate-secret
endpoint, confirms registration for MFA by validating a new TOTP code
generated by the authenticator used to scan the QR code containing the TOTP
URL.
Request requires a unique header as proof of partial authentication. This
header is called 'slpt-auth-mfa', and it must contain a special MFA token
for calling this endpoint.
While no specific right is required for a user to confirm registration, it
is expected that the caller first make a request to the /generate-secret
endpoint so that a TOTP secret exists as a basis for registration
confirmation. It is also assumed that the caller has previously verified
that the user is associated with an auth profile that has MFA enabled.
requestBody:
description: Request body containing TOTP code to validate.
required: true
content:
application/json:
schema:
$ref: "../../schemas/TotpCodeRequest.yaml"
responses:
"200":
description: Response indicating that the user's MFA has been verified.
content:
application/json:
schema:
$ref: "../../schemas/MfaVerificationResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"

44
api-specs/idn/beta/paths/authmfa/generate-mfa-token.yaml Normal file
View File

@@ -0,0 +1,44 @@
post:
operationId: authMfaGenerateMfaToken
tags:
- Auth MFA
summary: Generate a special token for calling sp-mfa /totp/** APIs
description: >-
Generates an MFA token and establishes an unverified MFA-on-login context state.
Callable by either an internal service or an authenticated user.
When called by an internal service, the calling service must present the target user's external id as the requestedFor value.
When called by an authenticated user, the proxying service must present "me" as the the requestedFor value.
The following rights are required to access this endpoint: sp:mfa-token-all:create, sp:mfa-token-self:create
If an external id is presented as the request body's requestedFor value, the caller must possess the sp:mfa-token-all:create right.
This implies that an internal service is obtaining an MFA token on behalf of a user.
requestBody:
description: Request body containing requestedFor value.
required: true
content:
application/json:
schema:
$ref: "../../schemas/GetMfaTokenRequest.yaml"
responses:
"200":
description: Response containing an MFA Token.
content:
application/json:
schema:
$ref: "../../schemas/GetMfaTokenResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"404":
$ref: "../../../v3/responses/404.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"

35
api-specs/idn/beta/paths/authmfa/generate-secret.yaml Normal file
View File

@@ -0,0 +1,35 @@
post:
operationId: authMfaGenerateSecret
tags:
- Auth MFA
summary:
Generate a TOTP secret embedded within a TOTP link for use with an
authenticator
description: >-
For a user who is not currently registered for MFA, generates a secret to
share with the user's chosen authenticator app.
Request requires a unique header as proof of partial authentication called
'slpt-auth-mfa', and it must contain a special MFA token for calling this
endpoint.
While no specific right is required for a user to generate a secret, it is
expected that the caller first verify that the user is associated with an
auth profile that has MFA enabled.
responses:
"200":
description:
Response containing user's username, a newly-generated secret, and a
TOTP link for a QR code generator to use.
content:
application/json:
schema:
$ref: "../../schemas/GetSecretResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"

40
api-specs/idn/beta/paths/authmfa/mfa-registration-reset.yaml Normal file
View File

@@ -0,0 +1,40 @@
post:
operationId: authMfaRegistrationReset
tags:
- Auth MFA
summary: Disable a user's registration for MFA
description: >-
Disables a user's registration for MFA. The specified user is tied to the `requestedFor` body param and can either be an external id,
when resetting the registration on someone else's behalf, or "me", when resetting the registration for one's self.
Either of The following rights is necessary to access this endpoint:
- sp:mfa-login-registration-reset-all:execute
- sp:mfa-login-registration-reset-self:execute
The first right allows someone else or a system to reset a user's registration for MFA. The second right allows the user to reset his or her own registration for MFA.
requestBody:
description: MFA registration reset request body.
required: true
content:
application/json:
schema:
$ref: "../../schemas/MfaResetRequest.yaml"
responses:
"200":
description: Response indicating that the user is registered for MFA.
content:
application/json:
schema:
$ref: "../../schemas/MfaRegistrationResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"

34
api-specs/idn/beta/paths/authmfa/registration-status.yaml Normal file
View File

@@ -0,0 +1,34 @@
get:
operationId: authMfaRegistrationStatus
tags:
- Auth MFA
summary: Determine whether the user is registered for MFA
description: >-
Gives the caller an indication of whether or not the user associated with the `externalId` path param is registered for MFA.
The following right is necessary to access this endpoint: `sp:mfa-login-registration:read`.
It is also assumed that the caller has previously verified that the user is associated with an auth profile that has MFA enabled.
parameters:
- in: path
name: externalId
schema:
type: string
required: true
description: The user's external ID
example: 2c9180867b50d088017b554662fb281e
responses:
"200":
description: Response indicating that the user is registered for MFA.
content:
application/json:
schema:
$ref: "../../schemas/MfaRegistrationResponse.yaml"
"401":
$ref: "../../../v3/responses/401.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"

39
api-specs/idn/beta/paths/authmfa/verify-code.yaml Normal file
View File

@@ -0,0 +1,39 @@
post:
operationId: authMfaVerifyCode
tags:
- Auth MFA
summary: Validate a TOTP code generated by a user's authenticator
description: >-
For a user who is registered for MFA, validates a TOTP code generated by the
user's authenticator.
Request requires a unique header as proof of partial authentication. This
header is called 'slpt-auth-mfa', and it must contain a special MFA token
for calling this endpoint.
While no specific right is required for a user to have a TOTP code verified,
it is assumed that the caller has previously verified that the user is
associated with an auth profile that has MFA enabled and that the user has
already registered an authenticator for multi-factor authentication.
requestBody:
description: Request body containing TOTP code to validate.
required: true
content:
application/json:
schema:
$ref: "../../schemas/TotpCodeRequest.yaml"
responses:
"200":
description: Response indicating that the user's MFA has been verified.
content:
application/json:
schema:
$ref: "../../schemas/MfaVerificationResponse.yaml"
"400":
$ref: "../../../v3/responses/400.yaml"
"403":
$ref: "../../../v3/responses/403.yaml"
"429":
$ref: "../../../v3/responses/429.yaml"
"500":
$ref: "../../../v3/responses/500.yaml"

32
api-specs/idn/beta/paths/authorization-capabilities.yaml Normal file
View File

@@ -0,0 +1,32 @@
get:
operationId: listAuthoriztionCapabilities
# security:
# - oauth2: [idn:authorization-model:read]
tags:
- Authorization Model
summary: List Authorization Model Capabilities
description: >-
This API returns the list of capabilities from the Authorization Model Service.
Request will require the following security scope:
- 'idn:authorization-model:read'
responses:
'200':
description: List of Capabilities
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/AmsCapability.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

35
api-specs/idn/beta/paths/bulk-add-tagged-objects.yaml Normal file
View File

@@ -0,0 +1,35 @@
post:
operationId: addTagsToManyObjects
tags:
- Tagged Objects
summary: Tag Multiple Objects
description: >-
This API adds tags to multiple objects.
A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN
authority is required to call this API.
requestBody:
required: true
description: Supported object types are ROLE, IDENTITY and SOD_POLICY.
content:
application/json:
schema:
$ref: '../schemas/BulkTaggedObject.yaml'
responses:
'200':
description: Request succeeded.
content:
application/json:
schema:
$ref: '../schemas/BulkTaggedObject.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

31
api-specs/idn/beta/paths/bulk-remove-tagged-objects.yaml Normal file
View File

@@ -0,0 +1,31 @@
post:
operationId: removeTagsToManyObject
tags:
- Tagged Objects
summary: Remove Tags from Multiple Objects
description: >-
This API removes tags from multiple objects.
A token with API, CERT_ADMIN, ORG_ADMIN, REPORT_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN, SOURCE_ADMIN, or SOURCE_SUBADMIN
authority is required to call this API.
requestBody:
description: Supported object types are ROLE, IDENTITY and SOD_POLICY.
required: true
content:
application/json:
schema:
$ref: '../schemas/BulkTaggedObject.yaml'
responses:
'204':
$ref: '../../v3/responses/204.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

49
api-specs/idn/beta/paths/bulk-update-auth-user.yaml Normal file
View File

@@ -0,0 +1,49 @@
post:
operationId: bulkUpdateAuthUser
tags:
- Auth User
summary: Auth User Bulk Update
description: Update up to 100 existing auth users in a batch.
# security:
# - oauth2: [sp:auth-user:update]
requestBody:
required: true
description: |
A list of auth user update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
PATCH can only be applied to the following fields:
* "capabilities"
A list of valid capabilities can be found using the GET ams/v3/authorization/authorization-capabilities/ endpoint.
Capabilities can only be patched if they are administrator assignable, as indicated by the 'adminAssignable' field from the output of list authorization-capabilities.
Capabilities that have a legacy group ('legacyGroup' field) need to be patched using the legacyGroup name (e.g. 'ORG_ADMIN').
Capabilities that are adminAssignable but do not have a legacyGroup can be patched using the ams id (e.g. 'cam:new-role').
A 400.1.1 Illegal update attempt detail code indicates that you attempted to PATCH a field that is not allowed.
Requires security scope of 'sp:auth-user:update'
content:
application/json:
schema:
$ref: '../schemas/BulkUpdateAuthUser.yaml'
responses:
'200':
description: All Auth users successfully updated.
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/AuthUser.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

46
api-specs/idn/beta/paths/campaign-activate.yaml Normal file
View File

@@ -0,0 +1,46 @@
post:
operationId: startCampaign
tags:
- Certification Campaigns
summary: Activate a Campaign
description: >-
Submits a job to activate the campaign with the given Id. The campaign must be staged.
Requires roles of CERT_ADMIN and ORG_ADMIN
security:
- oauth2: [ idn:campaign:update ]
deprecated: true
requestBody:
description:
Optional. If no timezone is specified, the standard UTC timezone is used (i.e. UTC+00:00).
Although this can take any timezone, the intended value is the caller's timezone. The activation time
calculated from the given timezone may cause the campaign deadline time to be modified, but it will remain
within the original date. The timezone must be in a valid ISO 8601 format.
required: false
content:
application/json:
schema:
$ref: '../schemas/ActivateCampaignOptions.yaml'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The campaign id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
$ref: '../../v3/responses/202.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

52
api-specs/idn/beta/paths/campaign-admin-cert-reassign.yaml Normal file
View File

@@ -0,0 +1,52 @@
post:
security:
- oauth2: [ idn:certification:write ]
operationId: move
tags:
- Certification Campaigns
summary: Reassign Certifications
description: >-
This API reassigns the specified certifications from one identity to another. A token with ORG_ADMIN or CERT_ADMIN
authority is required to call this API.
deprecated: true
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification campaign ID
example: ef38f94347e94562b5bb8424a56397d8
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/AdminReviewReassign.yaml'
responses:
'202':
description: The reassign task that has been submitted.
content:
application/json:
schema:
$ref: '../schemas/CertificationTask.yaml'
example:
id: 2c918086719eec070171a7e3355a360a
type: ADMIN_REASSIGN
targetType: CAMPAIGN
targetId: 2c918086719eec070171a7e3355a834c
status: QUEUED
errors: []
created: '2020-09-24T18:10:47.693Z'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

52
api-specs/idn/beta/paths/campaign-complete.yaml Normal file
View File

@@ -0,0 +1,52 @@
post:
operationId: completeCampaign
tags:
- Certification Campaigns
summary: Complete a Campaign
description: |
:::caution
This endpoint will run successfully for any campaigns that are **past due**.
This endpoint will return a content error if the campaign is **not past due**.
:::
Completes a certification campaign. This is provided to admins so that they
can complete a certification even if all items have not been completed.
Requires roles of CERT_ADMIN and ORG_ADMIN
# security:
# - oauth2: [CERT_ADMIN,ORG_ADMIN]
requestBody:
description:
Optional. Default behavior is for the campaign to auto-approve upon completion,
unless autoCompleteAction=REVOKE
required: false
content:
application/json:
schema:
$ref: '../schemas/CompleteCampaignOptions.yaml'
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The campaign id
example: ef38f94347e94562b5bb8424a56397d8
responses:
'202':
$ref: '../../v3/responses/202.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

63
api-specs/idn/beta/paths/campaign-reports-configuration.yaml Normal file
View File

@@ -0,0 +1,63 @@
get:
operationId: getCampaignReportsConfig
tags:
- Certification Campaigns
summary: Get Campaign Reports Configuration
description: >-
Fetches configuration for campaign reports. Currently it includes only one element - identity attributes defined as custom report columns.
Requires roles of CERT_ADMIN and ORG_ADMIN.
# security:
# - oauth2: [CERT_ADMIN,ORG_ADMIN]
responses:
'200':
description: Campaign Report Configuration
content:
application/json:
schema:
$ref: '../schemas/CampaignReportsConfig.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
put:
operationId: setCampaignReportsConfig
tags:
- Certification Campaigns
summary: Set Campaign Reports Configuration
description: >-
Overwrites configuration for campaign reports.
Requires roles CERT_ADMIN and ORG_ADMIN.
# security:
# - oauth2: [CERT_ADMIN,ORG_ADMIN]
requestBody:
required: true
description: Campaign Report Configuration
content:
application/json:
schema:
$ref: '../schemas/CampaignReportsConfig.yaml'
responses:
'200':
description: The persisted Campaign Report Configuration
content:
application/json:
schema:
$ref: '../schemas/CampaignReportsConfig.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

38
api-specs/idn/beta/paths/campaign-reports.yaml Normal file
View File

@@ -0,0 +1,38 @@
get:
operationId: getCampaignReports
tags:
- Certification Campaigns
summary: Get Campaign Reports
description: >-
Fetches all reports for a certification campaign by campaign ID.
Requires roles of CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN
# security:
# - oauth2: [CERT_ADMIN,DASHBOARD,ORG_ADMIN,REPORT_ADMIN]
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
description: The ID of the campaign for which reports are being fetched.
responses:
'200':
description: Array of campaign report objects.
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/CampaignReport.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

34
api-specs/idn/beta/paths/campaign-run-remediation-scan.yaml Normal file
View File

@@ -0,0 +1,34 @@
post:
operationId: runCampaignRemediationScan
tags:
- Certification Campaigns
summary: Run Campaign Remediation Scan
description: >-
Kicks off remediation scan task for a certification campaign.
Requires roles of CERT_ADMIN and ORG_ADMIN
# security:
# - oauth2: [CERT_ADMIN,ORG_ADMIN]
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
description: The ID of the campaign for which remediation scan is being run.
responses:
'202':
$ref: '../../v3/responses/202.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

41
api-specs/idn/beta/paths/campaign-run-report.yaml Normal file
View File

@@ -0,0 +1,41 @@
post:
operationId: runCampaignReport
tags:
- Certification Campaigns
summary: Run Campaign Report
description: >-
Runs a report for a certification campaign.
Requires the following roles: CERT_ADMIN, DASHBOARD, ORG_ADMIN and REPORT_ADMIN.
# security:
# - oauth2: [CERT_ADMIN,DASHBOARD,ORG_ADMIN,REPORT_ADMIN]
parameters:
- in: path
name: id
schema:
type: string
example: 2c91808571bcfcf80171c23e4b4221fc
required: true
description: The ID of the campaign for which report is being run.
- in: path
name: type
schema:
$ref: '../schemas/ReportType.yaml'
required: true
description: The type of the report to run.
responses:
'202':
$ref: '../../v3/responses/202.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

47
api-specs/idn/beta/paths/campaign-template-generate.yaml Normal file
View File

@@ -0,0 +1,47 @@
post:
operationId: generateCampaignTemplate
tags:
- Certification Campaigns
summary: Generate a Campaign from Template
# security:
# - oauth2: [ORG_ADMIN]
description: >-
Generates a new campaign from a campaign template.
The campaign object contained in the template has special formatting applied to its name and description
fields in order to determine the generated campaign's name/description. Placeholders in those fields are
formatted with the current date and time upon generation.
Placeholders consist of a percent sign followed by a letter indicating what should be inserted; for
example, "%Y" will insert the current year; a campaign template named "Campaign for %y" would generate a
campaign called "Campaign for 2020" (assuming the year at generation time is 2020).
Valid placeholders are the date/time conversion suffix characters supported by [java.util.Formatter](https://docs.oracle.com/javase/8/docs/api/java/util/Formatter.html).
Requires roles ORG_ADMIN.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template to use for generation.
responses:
'200':
description: >-
Indicates a campaign was successfully generated from this template, and returns a reference to the
new campaign.
content:
application/json:
schema:
$ref: '../../v3/schemas/CampaignReference.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

162
api-specs/idn/beta/paths/campaign-template-schedule.yaml Normal file
View File

@@ -0,0 +1,162 @@
get:
operationId: getCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Gets a Campaign Template's Schedule
description: >-
Gets the schedule for a campaign template. Returns a 404 if there is no schedule set.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template whose schedule is being fetched.
responses:
'200':
description: >-
The current schedule for the campaign template. See the PUT endpoint documentation for
more examples.
content:
application/json:
schema:
$ref: '../schemas/Schedule.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
put:
operationId: setCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Sets a Campaign Template's Schedule
description: >-
Sets the schedule for a campaign template. If a schedule already exists, it will be overwritten with
the new one.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template being scheduled.
requestBody:
content:
application/json:
schema:
$ref: '../schemas/Schedule.yaml'
examples:
'Monthly':
description: Runs on the 15th and last day of the month, at 5PM.
value:
type: MONTHLY
hours:
type: LIST
values:
- "17"
days:
type: LIST
values:
- "15"
'Once a year':
description: Runs every January 1st at midnight.
value:
type: ANNUALLY
hours:
type: LIST
values:
- "0"
days:
type: LIST
values:
- "--01-01"
'Quarterly':
description: Runs once a quarter (every 3 months) on the first of the month at 1AM.
value:
type: ANNUALLY
hours:
type: LIST
values:
- "1"
days:
type: LIST
values:
- "1"
months:
type: LIST
values:
- "1"
interval: 3
'Yearly on Specific Days':
description: Runs on March 12 and December 5 at 1AM, every year.
value:
type: ANNUALLY
hours:
type: LIST
values:
- "1"
days:
type: LIST
values:
- "--03-12"
- "--12-05"
'On a Specific Date':
description: Runs at 1AM on February 18th, 2020
value:
type: CALENDAR
hours:
type: LIST
values:
- "1"
days:
type: LIST
values:
- "2020-02-18"
responses:
'204':
$ref: '../../v3/responses/204.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
delete:
operationId: deleteCampaignTemplateSchedule
tags:
- Certification Campaigns
summary: Deletes a Campaign Template's Schedule
description: >-
Deletes the schedule for a campaign template. Returns a 404 if there is no schedule set.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template whose schedule is being deleted.
responses:
'204':
$ref: '../../v3/responses/204.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

138
api-specs/idn/beta/paths/campaign-template.yaml Normal file
View File

@@ -0,0 +1,138 @@
get:
operationId: getCampaignTemplate
tags:
- Certification Campaigns
summary: Get a Campaign Template
description: Fetches a campaign template by ID.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The desired campaign template's ID.
example: 2c9180835d191a86015d28455b4a2329
responses:
'200':
description: The data for the campaign matching the given ID.
content:
application/json:
schema:
$ref: '../schemas/CampaignTemplate.yaml'
examples:
Manager:
$ref: '../schemas/campaign/examples/CampaignTemplateManager.yaml'
Search:
$ref: '../schemas/campaign/examples/CampaignTemplateSearch.yaml'
Source Owner:
$ref: '../schemas/campaign/examples/CampaignTemplateSourceOwner.yaml'
RoleComposition:
$ref: '../schemas/campaign/examples/CampaignTemplateRoleComposition.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
patch:
operationId: patchCampaignTemplate
tags:
- Certification Campaigns
summary: Update a Campaign Template
description: Allows updating individual fields on a campaign template using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template being modified.
example: 2c9180835d191a86015d28455b4a2329
requestBody:
required: true
description: |
A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The following fields are patchable:
* name
* description
* deadlineDuration
* campaign (all fields that are allowed during create)
content:
application/json-patch+json:
schema:
type: array
items:
type: object
example:
- op: "replace"
path: "/description"
value: "Updated description!"
- op: "replace"
path: "/campaign/filter/id"
value: "ff80818155fe8c080155fe8d925b0316"
responses:
'200':
description: >-
Indicates the PATCH operation succeeded, and returns the template's new representation.
content:
application/json:
schema:
$ref: '../schemas/CampaignTemplate.yaml'
examples:
Manager:
$ref: '../schemas/campaign/examples/CampaignTemplateManager.yaml'
Search:
$ref: '../schemas/campaign/examples/CampaignTemplateSearch.yaml'
Source Owner:
$ref: '../schemas/campaign/examples/CampaignTemplateSourceOwner.yaml'
RoleComposition:
$ref: '../schemas/campaign/examples/CampaignTemplateRoleComposition.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
delete:
operationId: deleteCampaignTemplate
tags:
- Certification Campaigns
summary: Delete a Campaign Template
description: Deletes a campaign template by ID.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template being deleted.
example: 2c9180835d191a86015d28455b4a2329
responses:
'204':
$ref: '../../v3/responses/204.yaml'
description: The Source was successfully deleted.
'400':
$ref: '../../v3/responses/400.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

96
api-specs/idn/beta/paths/campaign-templates.yaml Normal file
View File

@@ -0,0 +1,96 @@
get:
operationId: listCampaignTemplates
tags:
- Certification Campaigns
summary: List Campaign Templates
parameters:
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, created, modified**
- in: query
name: filters
schema:
type: string
format: comma-separated
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields: **name, id**
responses:
'200':
description: List of campaign template objects
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/CampaignTemplate.yaml'
example:
$ref: '../schemas/campaign/examples/CampaignTemplates.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
post:
operationId: createCampaignTemplate
tags:
- Certification Campaigns
summary: Create a Campaign Template
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/CampaignTemplate.yaml'
examples:
Manager:
$ref: '../schemas/campaign/examples/CreateCampaignTemplateManager.yaml'
Search:
$ref: '../schemas/campaign/examples/CreateCampaignTemplateSearch.yaml'
Source Owner:
$ref: '../schemas/campaign/examples/CreateCampaignTemplateSourceOwner.yaml'
RoleComposition:
$ref: '../schemas/campaign/examples/CreateCampaignTemplateRoleComposition.yaml'
responses:
'200':
description: Created successfully.
content:
application/json:
schema:
$ref: '../schemas/CampaignTemplate.yaml'
examples:
Manager:
$ref: '../schemas/campaign/examples/CampaignTemplateManager.yaml'
Search:
$ref: '../schemas/campaign/examples/CampaignTemplateSearch.yaml'
Source Owner:
$ref: '../schemas/campaign/examples/CampaignTemplateSourceOwner.yaml'
RoleComposition:
$ref: '../schemas/campaign/examples/CampaignTemplateRoleComposition.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

121
api-specs/idn/beta/paths/campaign.yaml Normal file
View File

@@ -0,0 +1,121 @@
get:
operationId: getCampaign
tags:
- Certification Campaigns
summary: Get a campaign
description: >-
Retrieves information for an existing campaign using the campaign's ID. Authorized callers must be a
reviewer for this campaign, an ORG_ADMIN, or a CERT_ADMIN.
deprecated: true
security:
- oauth2: []
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign to be retrieved
example: 2c91808571bcfcf80171c23e4b4221fc
responses:
'200':
description: A campaign object
content:
application/json:
schema:
$ref: '../schemas/SlimCampaign.yaml'
examples:
Manager:
$ref: '../schemas/campaign/examples/SlimCampaignManager.yaml'
Search:
$ref: '../schemas/campaign/examples/SlimCampaignSearch.yaml'
Source Owner:
$ref: '../schemas/campaign/examples/SlimCampaignSourceOwner.yaml'
RoleComposition:
$ref: '../schemas/campaign/examples/SlimCampaignRoleComposition.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
patch:
operationId: updateCampaign
tags:
- Certification Campaigns
summary: Update a Campaign
description: Allows updating individual fields on a campaign using the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
security:
- oauth2: [idn:campaign:update,idn:campaign:read]
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the campaign template being modified.
example: 2c91808571bcfcf80171c23e4b4221fc
requestBody:
required: true
description: |
A list of campaign update operations according to the [JSON Patch](https://tools.ietf.org/html/rfc6902) standard.
The fields that can be patched differ based on the status of the campaign.
In the *STAGED* status, the following fields can be patched:
* name
* description
* recommendationsEnabled
* deadline
* emailNotificationEnabled
* autoRevokeAllowed
In the *ACTIVE* status, the following fields can be patched:
* deadline
content:
application/json-patch+json:
schema:
type: array
items:
type: object
example:
- op: "replace"
path: "/name"
value: "This field has been updated!"
- op: "copy"
from: "/name"
path: "/description"
responses:
'200':
description: >-
Indicates the PATCH operation succeeded, and returns the campaign's new representation.
content:
application/json:
schema:
$ref: '../schemas/SlimCampaign.yaml'
examples:
Manager:
$ref: '../schemas/campaign/examples/SlimCampaignManager.yaml'
Search:
$ref: '../schemas/campaign/examples/SlimCampaignSearch.yaml'
Source Owner:
$ref: '../schemas/campaign/examples/SlimCampaignSourceOwner.yaml'
RoleComposition:
$ref: '../schemas/campaign/examples/SlimCampaignRoleComposition.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

33
api-specs/idn/beta/paths/campaigns-delete.yaml Normal file
View File

@@ -0,0 +1,33 @@
post:
operationId: deleteCampaigns
tags:
- Certification Campaigns
summary: Deletes Campaigns
description: >-
Deletes campaigns whose Ids are specified in the provided list of campaign Ids.
Authorized callers must be an ORG_ADMIN or a CERT_ADMIN.
# security:
# - oauth2: [CERT_ADMIN,ORG_ADMIN]
requestBody:
description: The ids of the campaigns to delete.
required: true
content:
application/json:
schema:
$ref: '../../beta/schemas/DeleteCampaignsRequest.yaml'
responses:
'202':
$ref: '../../v3/responses/202.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

134
api-specs/idn/beta/paths/campaigns.yaml Normal file
View File

@@ -0,0 +1,134 @@
get:
operationId: getActiveCampaigns
tags:
- Certification Campaigns
summary: List Campaigns
description: >-
Gets campaigns and returns them in a list. Can provide increased level of detail for each campaign if provided
the correct query.
security:
- oauth2: []
deprecated: true
parameters:
- in: query
name: detail
schema:
type: string
enum: [SLIM, FULL]
required: false
description: >-
Determines whether slim, or increased level of detail is provided for each campaign in the returned list.
Slim is the default behavior.
example: FULL
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
required: false
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**name**: *eq, sw*
**status**: *eq, in*
example: name eq "Manager Campaign"
- in: query
name: sorters
schema:
type: string
format: comma-separated
required: false
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**, **created**
example: name
responses:
'200':
description: A list of campaign objects.
content:
application/json:
schema:
type: array
items:
oneOf:
- $ref: '../schemas/SlimCampaign.yaml'
- $ref: '../schemas/Campaign.yaml'
examples:
Slim Campaign:
$ref: '../schemas/campaign/examples/SlimCampaigns.yaml'
Full Campaign:
$ref: '../schemas/campaign/examples/FullCampaigns.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'
post:
operationId: createCampaign
tags:
- Certification Campaigns
summary: Create a campaign
description: Creates a new Certification Campaign with the information provided in the request body.
security:
- oauth2: [idn:campaign:create]
deprecated: true
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/Campaign.yaml'
examples:
Manager:
$ref: '../schemas/campaign/examples/CreateCampaignManager.yaml'
Search:
$ref: '../schemas/campaign/examples/CreateCampaignSearch.yaml'
Source Owner:
$ref: '../schemas/campaign/examples/CreateCampaignSourceOwner.yaml'
Role Composition:
$ref: '../schemas/campaign/examples/CreateCampaignRoleComposition.yaml'
responses:
'200':
description: Indicates that the campaign requested was successfully created and returns its representation.
content:
application/json:
schema:
$ref: '../schemas/Campaign.yaml'
examples:
Manager:
$ref: '../schemas/campaign/examples/FullCampaignManager.yaml'
Search:
$ref: '../schemas/campaign/examples/FullCampaignSearch.yaml'
Source Owner:
$ref: '../schemas/campaign/examples/FullCampaignSourceOwner.yaml'
Role Composition:
$ref: '../schemas/campaign/examples/FullCampaignRoleComposition.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

36
api-specs/idn/beta/paths/certification-task.yaml Normal file
View File

@@ -0,0 +1,36 @@
get:
operationId: getCertificationTask
tags:
- Certifications
- Certification Campaigns
summary: Certification Task by ID
description: >-
This API returns the certification task for the specified ID. A token with ORG_ADMIN or CERT_ADMIN authority is
required to call this API. Reviewers for the specified certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The task ID
example: 63b32151-26c0-42f4-9299-8898dc1c9daa
responses:
'200':
description: A certification task
content:
application/json:
schema:
$ref: '../../beta/schemas/CertificationTask.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

58
api-specs/idn/beta/paths/certification-tasks.yaml Normal file
View File

@@ -0,0 +1,58 @@
get:
operationId: getPendingCertificationTasks
tags:
- Certifications
- Certification Campaigns
summary: List of Pending Certification Tasks
description: >-
This API returns a list of pending (`QUEUED` or `IN_PROGRESS`) certification tasks. Any authenticated token can call
this API, but only certification tasks you are authorized to review will be returned.
parameters:
- in: query
name: reviewer-identity
schema:
type: string
description: The ID of reviewer identity. *me* indicates the current user.
required: false
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**targetId**: *eq, in*
**type**: *eq, in*
responses:
'200':
description: A list of pending certification tasks
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/CertificationTask.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

35
api-specs/idn/beta/paths/certification.yaml Normal file
View File

@@ -0,0 +1,35 @@
get:
operationId: getCertification
tags:
- Certifications
summary: Certification by ID
description: >-
This API returns a single certification by its ID. A token with ORG_ADMIN or CERT_ADMIN authority is required to
call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: A certification object
content:
application/json:
schema:
$ref: '../../beta/schemas/CertificationDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

81
api-specs/idn/beta/paths/certifications-access-summaries.yaml Normal file
View File

@@ -0,0 +1,81 @@
get:
operationId: getAccessSummaries
tags:
- Certification Summaries
summary: Access Summaries
description: >-
This API returns a list of access summaries for the specified certification and type. A token with ORG_ADMIN or
CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: type
schema:
$ref: '../../beta/schemas/CertificationItemType.yaml'
required: true
description: The type of review item to retrieve summaries for
example: ACCESS_PROFILE
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**completed**: *eq, ne*
**entity.id**: *eq, in*
**entity.name**: *eq, sw*
**entitlement.sourceName**: *eq, sw*
**accessProfile.sourceName**: *eq, sw*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **entity.name**
responses:
'200':
description: List of access summaries
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/ReviewData.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

56
api-specs/idn/beta/paths/certifications-decide.yaml Normal file
View File

@@ -0,0 +1,56 @@
post:
operationId: makeDecision
tags:
- Certifications
summary: Decide on a Certification Item
description: >-
The API makes a decision to approve or revoke a certification item. A token with ORG_ADMIN or CERT_ADMIN authority
is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The ID of the certification on which to make a decision
example: ef38f94347e94562b5bb8424a56396b5
requestBody:
required: true
description: An array of decisions to be made.
content:
application/json:
schema:
type: array
items:
$ref: '../../v3/schemas/ReviewDecision.yaml'
maxItems: 250
example:
- id: ef38f94347e94562b5bb8424a56396b5
decision: APPROVE
bulk: true
recommendation: null
comments: This user still needs access to this source.
- id: ef38f94347e94562b5bb8424a56397d8
decision: APPROVE
bulk: true
recommendation: null
comments: This user still needs access to this source too.
responses:
'200':
description: A certification object
content:
application/json:
schema:
$ref: '../../beta/schemas/CertificationDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

52
api-specs/idn/beta/paths/certifications-decision-summary.yaml Normal file
View File

@@ -0,0 +1,52 @@
get:
operationId: getDecisionSummary
tags:
- Certification Summaries
summary: Summary of Certification Decisions
description: >-
This API returns a summary of the decisions made on an certification. A token with ORG_ADMIN or CERT_ADMIN authority
is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**targetSummary.id**: *eq, in*
responses:
'200':
description: Summary of the decisions made
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/DecisionSummary.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

96
api-specs/idn/beta/paths/certifications-entitlement-permissions.yaml Normal file
View File

@@ -0,0 +1,96 @@
get:
operationId: getCertificationEntitlementPermissions
tags:
- Certifications
summary: Permissions for Entitlement in a Certification
description: >-
This API returns the permissions associated with an entitlement that is part of a certification campaign. The
entitlement provided must match the entitlement from an entitlement certification item, or be part of an access
profile which has its own access profile certification item. A token with ORG_ADMIN or CERT_ADMIN authority is
required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Supported fields and primitive operators:
**target**: *eq, sw*
**rights**: *ca*
Supported composite operators:
*and, or*
All field values (second filter operands) are case-insensitive for this API.
Only a single *and* or *or* composite filter operator may be used. It must also be used between
a target filter and a rights filter, not between 2 filters for the same field.
For example,
The following is valid:
*?filters=rights+ca+(%22CREATE%22)+and+target+eq+%22SYS.OBJAUTH2%22*
The following is invalid:
*?filters=rights+ca+(%22CREATE%22)+and+rights+ca+(%SELECT%22)*
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: itemId
schema:
type: string
required: true
description: The certification item ID
example: 2c91808671bcbab40171bd945d961227
- in: path
name: entitlementId
schema:
type: string
required: true
description: The entitlement ID
example: ef38f94347e94562b5bb8424a56397d8
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
responses:
'200':
description: A list of permissions associated with the given entitlement ID
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/PermissionDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

42
api-specs/idn/beta/paths/certifications-reassign-async.yaml Normal file
View File

@@ -0,0 +1,42 @@
post:
operationId: reassignCertsAsync
tags:
- Certifications
summary: Reassign Certifications Asynchronously
description: >-
This API initiates a task to reassign up to 500 identities or items in a certification to another reviewer. The
`certification-tasks` API can be used to get an updated status on the task and determine when the reassignment is
complete. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this
certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
requestBody:
required: true
content:
application/json:
schema:
$ref: "../../v3/schemas/ReviewReassign.yaml"
responses:
'202':
description: A certification task object for the reassignment which can be queried for status.
content:
application/json:
schema:
$ref: '../../beta/schemas/CertificationTask.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

40
api-specs/idn/beta/paths/certifications-reassign.yaml Normal file
View File

@@ -0,0 +1,40 @@
post:
operationId: reassignCertifications
tags:
- Certifications
summary: Reassign Identities or Items
description: >-
This API reassigns up to 50 identities or items in a certification to another reviewer. A token with ORG_ADMIN or
CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
requestBody:
required: true
content:
application/json:
schema:
$ref: "../../v3/schemas/ReviewReassign.yaml"
responses:
'200':
description: The certification details after completing the reassignment.
content:
application/json:
schema:
$ref: '../../beta/schemas/CertificationDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

42
api-specs/idn/beta/paths/certifications-review-items-activity.yaml Normal file
View File

@@ -0,0 +1,42 @@
get:
operationId: listReviewItemsActivityData
tags:
- Certifications
summary: List of Review Items Activity Data
description: >-
This API returns activity data for a list of review items for an identity campaign certification. The activity data applies to the results of the previous call to review-items API. A token with ORG_ADMIN or
CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: activityDataId
schema:
type: string
required: true
description: Id of the activity dataset, needs to match value of HTTP header “SLPT-Activity-Data-ID” returned by review-items call.
example: ff1567bf5d564996af4915f3ab061a1b
responses:
'200':
description: A list of review item ids with activity data
content:
application/json:
schema:
$ref: '../../beta/schemas/ReviewItemsActivityTask.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

93
api-specs/idn/beta/paths/certifications-review-items.yaml Normal file
View File

@@ -0,0 +1,93 @@
get:
operationId: listReviewItems
tags:
- Certifications
summary: List of Review Items
description: >-
This API returns a list of review items for and identity campaign certification. A token with ORG_ADMIN or
CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**completed***: *eq, ne*
**targetSummary.id**: *eq, in*
**targetSummary.name**: *eq, sw*
**reviewData.entity.id**: *eq, in*
**reviewData.entity.name**: *eq, sw*
**reviewData.entity.type**: *eq*
**reviewData.entitlement.sourceName**: *eq, sw*
**reviewData.accessProfile.sourceName**: *eq, sw*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **targetSummary.name, reviewData.entity.type, reviewData.entity.name, reviewData.entitlement.sourceName, reviewData.accessProfile.sourceName**
- in: query
name: activity-data
schema:
type: boolean
default: false
description: >-
If set to true, the response will include HTTP header "SLPT-Activity-Data-ID" which will allow the caller to query for certification items activity data in a separate call.
responses:
'200':
description: A list of review items
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/ReviewItem.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

70
api-specs/idn/beta/paths/certifications-reviewers.yaml Normal file
View File

@@ -0,0 +1,70 @@
get:
operationId: listCertificationReviewers
tags:
- Certifications
summary: List of Reviewers for the certification
description: >-
This API returns a list of reviewers for the certification. A token with ORG_ADMIN or
CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators (Filtering is done by reviewer's fields):
**id**: *eq, in*
**name**: *eq, sw*
**email**: *eq, sw*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, email**
responses:
'200':
description: A list of reviewers
content:
application/json:
schema:
type: array
items:
$ref: '../../v3/schemas/IdentityReferenceWithNameAndEmail.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

36
api-specs/idn/beta/paths/certifications-sign-off.yaml Normal file
View File

@@ -0,0 +1,36 @@
post:
operationId: signOffCertification
tags:
- Certifications
summary: Finalize Certification Decisions
description: >-
This API finalizes all decisions made on an certification and initiates any remediations required. A token with
ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this
API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
responses:
'200':
description: A certification object
content:
application/json:
schema:
$ref: '../../beta/schemas/CertificationDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

77
api-specs/idn/beta/paths/certifications-target-summaries.yaml Normal file
View File

@@ -0,0 +1,77 @@
get:
operationId: getTargetSummaries
tags:
- Certification Summaries
summary: Target Summaries for a Certification
description: >-
This API returns a list of the target summaries for a specific certification. A token with ORG_ADMIN or CERT_ADMIN
authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**completed**: *eq, ne*
**name**: *eq, sw*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name**
responses:
'200':
description: List of target summaries
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/TargetSummary.yaml'
example:
- id: 2c91808772a504f50172a9540e501ba7
name: Derek Grey
targetId: 2c9180857182306001719937379633e4
completed: false
- id: 2c91808772a504f50172a9540e501ba8
name: Mary LeMasters
targetId: 2c9180857182306001719937377a33de
completed: true
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

40
api-specs/idn/beta/paths/certifications-target-summary.yaml Normal file
View File

@@ -0,0 +1,40 @@
get:
operationId: getTargetSummary
tags:
- Certification Summaries
summary: Summary for a Certification Target
description: >-
This API returns the summary for a target on a specified certification. A token with ORG_ADMIN or CERT_ADMIN
authority is required to call this API. Reviewers for this certification can also call this API.
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The certification ID
example: ef38f94347e94562b5bb8424a56397d8
- in: path
name: targetSummaryId
schema:
type: string
required: true
description: The target summary ID
example: 2c91808772a504f50172a9540e501ba8
responses:
'200':
description: A target summary
content:
application/json:
schema:
$ref: '../../beta/schemas/TargetSummary.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'404':
$ref: '../../v3/responses/404.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

71
api-specs/idn/beta/paths/certifications.yaml Normal file
View File

@@ -0,0 +1,71 @@
get:
operationId: listCertifications
tags:
- Certifications
summary: Certifications by IDs
description: >-
This API returns a list of certifications that satisfy the given query parameters. Any authenticated token can call
this API, but only certifications you are authorized to review will be returned.
parameters:
- in: query
name: reviewer-identitiy
schema:
type: string
description: The ID of reviewer identity. *me* indicates the current user.
required: false
- $ref: '../../v3/parameters/limit.yaml'
- $ref: '../../v3/parameters/offset.yaml'
- $ref: '../../v3/parameters/count.yaml'
- in: query
name: filters
schema:
type: string
description: >-
Filter results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#filtering-results)
Filtering is supported for the following fields and operators:
**id**: *eq, in*
**phase**: *eq*
**completed**: *eq, ne*
**campaignRef.campaignType**: *eq, in*
**campaignRef.id**: *eq, in*
- in: query
name: sorters
schema:
type: string
format: comma-separated
description: >-
Sort results using the standard syntax described in [V3 API Standard Collection Parameters](https://developer.sailpoint.com/idn/api/standard-collection-parameters#sorting-results)
Sorting is supported for the following fields: **name, due, signed**
responses:
'200':
description: List of certifications
content:
application/json:
schema:
type: array
items:
$ref: '../../beta/schemas/CertificationDto.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

31
api-specs/idn/beta/paths/common-access-classify-request.yaml Normal file
View File

@@ -0,0 +1,31 @@
get:
operationId: getCommonAccessClassifyRequest
summary: Returns the metadata of the common access classification request
tags:
- IAI Common Access
description: >-
This endpoint returns details of a prior common access classification request.
Requires authorization scope of iai:access-modeling:read
parameters:
- in: path
name: id
schema:
type: string
required: true
description: The common access classification request id
example: 8c190e67-87aa-4ed9-a90b-d9d5344523fb
responses:
'200':
description: Succeeded. Returns details of an earlier common access classification request.
content:
application/json:
schema:
$ref: '../schemas/CommonAccessClassifyResponse.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

32
api-specs/idn/beta/paths/common-access-classify.yaml Normal file
View File

@@ -0,0 +1,32 @@
post:
operationId: commonAccessClassify
summary: Classify common access
tags:
- IAI Common Access
description: >-
This is an internal API that classifies common access. At this time there are no parameters.
Requires authorization scope of iai:access-modeling:create
requestBody:
required: true
content:
application/json:
schema:
$ref: '../schemas/CommonAccessClassifyRequest.yaml'
responses:
'202':
description: Common access request accepted. Returns details of the common access classification request.
content:
application/json:
schema:
$ref: '../schemas/CommonAccessClassifyResponse.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

31
api-specs/idn/beta/paths/common-access-update-status.yaml Normal file
View File

@@ -0,0 +1,31 @@
post:
operationId: updateCommonAccessStatusInBulk
summary: Bulk update common access status
tags:
- IAI Common Access
description: >-
This submits an update request to the common access application. At this time there are no parameters.
Requires authorization scope of iai:access-modeling:update
requestBody:
description: Confirm or deny in bulk the common access ids that are (or aren't) common access
required: true
content:
application/json:
schema:
type: array
items:
$ref: '../schemas/CommonAccessIDStatus.yaml'
responses:
'202':
$ref: '../../v3/responses/202.yaml'
'400':
$ref: '../../v3/responses/400.yaml'
'401':
$ref: '../../v3/responses/401.yaml'
'403':
$ref: '../../v3/responses/403.yaml'
'429':
$ref: '../../v3/responses/429.yaml'
'500':
$ref: '../../v3/responses/500.yaml'

Some files were not shown because too many files have changed in this diff Show More