SailPoint - SaaS API (3.0.0)

These are the public APIs for SailPoint's SaaS services. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.

Authentication

bearerAuth

Security Scheme Type HTTP
HTTP Authorization Scheme bearer
Bearer format "JWT"

Access Requests

Submit an Access Request

This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes. This doesn't return a result because the request has been submitted/accepted by the system.

There are two types of access request:

GRANT_ACCESS

  • Can be requested for multiple identities in a single request.
  • Supports self request and request on behalf of other users; see the '/beta/access-request-config' endpoint for request configuration options.
  • Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.

REVOKE_ACCESS

  • Can only be requested for a single identity at a time.
  • Does not support self request. Only a manager can request to revoke access for their directly managed employees.
  • If removeDate is specified, then the access will be removed on that date and time.
  • Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone.

NOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API.

A token with API authority cannot be used to call this endpoint.

Authorizations:
Request Body schema: application/json
requestedFor
required
Array of strings

A list of Identity IDs for whom the Access is requested. If it's a Revoke request, there can only be one Identity ID.

requestType
string
Enum: "GRANT_ACCESS" "REVOKE_ACCESS"

Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.

requestedItems
required
Array of objects (AccessRequestItem)

clientMetadata
object

Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.

Responses

Request samples

Content type
application/json
{
  "requestedFor": [ ],
  "requestType": "GRANT_ACCESS",
  "requestedItems": [ ],
  "clientMetadata": { }
}

Response samples

Content type
application/json
{ }
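
Added example (not part of the SailPoint documentation): a client-side check, run before submitting, that enforces the constraints documented above, namely the requestType enum, its GRANT_ACCESS default, and the single-identity rule for REVOKE_ACCESS. The function name, the "requestIntent" metadata key, and the rejection of an empty requestedItems list are assumptions made for this example.

```python
"""Pre-submission check for an access request body (added example)."""

VALID_TYPES = {"GRANT_ACCESS", "REVOKE_ACCESS"}


class AccessRequestError(ValueError):
    """Raised when a body breaks a constraint documented for this endpoint."""


def build_access_request(requested_for, requested_items,
                         request_type="GRANT_ACCESS", client_metadata=None):
    """Return a validated request body as a dict, or raise AccessRequestError."""
    if request_type not in VALID_TYPES:
        raise AccessRequestError(f"unknown requestType: {request_type!r}")
    # A bare string is iterable and would silently become a list of characters.
    if isinstance(requested_for, str) or not requested_for:
        raise AccessRequestError("requestedFor must be a non-empty list of identity IDs")
    ids = list(requested_for)
    if not all(isinstance(i, str) and i for i in ids):
        raise AccessRequestError("every requestedFor entry must be a non-empty string")
    # requestedItems is required; rejecting an empty list is this example's assumption.
    if not requested_items:
        raise AccessRequestError("requestedItems is required")
    # Documented rule: a revoke can target only one identity per request.
    if request_type == "REVOKE_ACCESS" and len(ids) != 1:
        raise AccessRequestError("REVOKE_ACCESS allows exactly one identity in requestedFor")
    metadata = dict(client_metadata or {})
    if request_type == "REVOKE_ACCESS":
        # Assumption: "requestIntent" is our own audit key. clientMetadata is not
        # processed by IdentityNow, so this only helps later review of the
        # records returned by APIs such as /account-activities.
        metadata.setdefault("requestIntent", "REVOKE_ACCESS")
    return {
        "requestedFor": ids,
        "requestType": request_type,
        "requestedItems": list(requested_items),
        "clientMetadata": metadata,
    }


if __name__ == "__main__":
    import json
    # Constructed sample values; the item field shown is a placeholder.
    item = {"id": "constructed-item-id"}
    print(json.dumps(build_access_request(["constructed-identity-1"], [item],
                                          "REVOKE_ACCESS"), indent=2))
```

Tagging revoke requests in clientMetadata does not change what the approver sees in the IdentityNow UI; it only leaves a marker for later audit.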

Account Activities

Get a list of Account Activities

This gets a collection of account activities that satisfy the given query parameters.

Authorizations:
query Parameters
requested-for
string

The identity that the activity was requested for. "me" indicates the current user. Mutually exclusive with regarding-identity.

requested-by
string

The identity that requested the activity. "me" indicates the current user. Mutually exclusive with regarding-identity.

regarding-identity
string

The specified identity will be either the requester or target of the account activity. "me" indicates the current user. Mutually exclusive with requested-for and requested-by.

type
string

The type of account activity.

limit
integer [ 0 .. 250 ]
Default: 250

Max number of results to return. See V3 API Standard Collection Parameters for more information.