SailPoint SaaS API (3.0.0)

Download OpenAPI specification:Download

Supported - v3 is fully versioned and currently supported by SailPoint

Authentication

bearerAuth

Security Scheme Type HTTP
HTTP Authorization Scheme bearer
Bearer format "JWT"

Access Requests

Submit an Access Request

This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes. This doesn't return a result because the request has been submitted/accepted by the system.

There are two types of access request:

GRANT_ACCESS

  • Can be requested for multiple identities in a single request.
  • Supports self request and request on behalf of other users, see '/beta/access-request-config' endpoint for request configuration options.
  • Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.

REVOKE_ACCESS

  • Can only be requested for a single identity at a time.
  • Does not support self request. Only manager can request to revoke access for their directly managed employees.
  • If removeDate is specified, then the access will be removed on that date and time.
  • Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone.

NOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API.

A token with API authority cannot be used to call this endpoint.

Authorizations:
Request Body schema: application/json
requestedFor
required
Array of strings

A list of Identity IDs for whom the Access is requested. If it's a Revoke request, there can only be one Identity ID.

requestType
string
Enum: "GRANT_ACCESS" "REVOKE_ACCESS"

Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.

required
Array of objects (AccessRequestItem)
object

Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.

Responses

Request samples

Content type
application/json
{
  • "requestedFor": [
    ],
  • "requestType": "GRANT_ACCESS",
  • "requestedItems": [
    ],
  • "clientMetadata": {
    }
}

Response samples

Content type
application/json
{ }

Account Activities

Get a list of Account Activities

This gets a collection of account activities that satisfy the given query parameters.

Authorizations:
query Parameters
requested-for
string

The identity that the activity was requested for. me indicates the current user. Mutually exclusive with regarding-identity.

requested-by
string

The identity that requested the activity. me indicates the current user. Mutually exclusive with regarding-identity.

regarding-identity
string

The specified identity will be either the requester or target of the account activity. me indicates the current user. Mutually exclusive with requested-for and requested-by.

type
string

The type of account activity.

limit
integer [ 0 .. 250 ]
Default: 250

Max number of results to return. See V3 API Standard Collection Parameters for more information.

offset
integer >= 0
Default: 0

Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

count
boolean
Default: false

If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

See V3 API Standard Collection Parameters for more information.

filters
string

Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: type: eq, in created: gt, lt, ge, le modified: gt, lt, ge, le

sorters
string <comma-separated>

Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: type, created, modified

Responses

Response samples

Content type
application/json
[
  • {