SailPoint - SaaS API (3.0.0)

Download OpenAPI specification:Download

Developer Relations: developers@sailpoint.com URL: https://developer.sailpoint.com/discuss

These are the public APIs for SailPoint's SaaS services. We encourage you to join the SailPoint Developer Community forum at https://developer.sailpoint.com/discuss to connect with other developers using our APIs.

Authentication

bearerAuth

Security Scheme Type	HTTP
HTTP Authorization Scheme	bearer
Bearer format	"JWT"

Access Requests

Submit an Access Request

This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes. This doesn't return a result because the request has been submitted/accepted by the system.

There are two types of access request:

GRANT_ACCESS

Can be requested for multiple identities in a single request.
Supports self request and request on behalf of other users, see '/beta/access-request-config' endpoint for request configuration options.
Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.

REVOKE_ACCESS

Can only be requested for a single identity at a time.
Does not support self request. Only manager can request to revoke access for their directly managed employees.
If removeDate is specified, then the access will be removed on that date and time.
Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone.

NOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API.

A token with API authority cannot be used to call this endpoint.

Authorizations:

bearerAuth

Request Body schema: application/json

requestedFor required	Array of strings A list of Identity IDs for whom the Access is requested. If it's a Revoke request, there can only be one Identity ID.
requestType	string Enum: "GRANT_ACCESS" "REVOKE_ACCESS" Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
required	Array of objects (AccessRequestItem)
	object Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.

Responses

Request samples

Payload

Content type

application/json

{"requestedFor": ["2c918084660f45d6016617daa9210584"
],
"requestType": "GRANT_ACCESS",
"requestedItems": [{"type": "ACCESS_PROFILE",
"id": "2c9180835d2e5168015d32f890ca1581",
"comment": "Requesting access profile for John Doe",
"clientMetadata": {"requestedAppName": "test-app",
"requestedAppId": "2c91808f7892918f0178b78da4a305a1"
},
"removeDate": "2020-07-11T21:23:15.000Z"
}
],
"clientMetadata": {"requestedAppId": "2c91808f7892918f0178b78da4a305a1",
"requestedAppName": "test-app"
}
}

Response samples

Content type

application/json

{ }

Account Activities

Get a list of Account Activities

This gets a collection of account activities that satisfy the given query parameters.

Authorizations:

bearerAuth

query Parameters

requested-for	string The identity that the activity was requested for. me indicates the current user. Mutually exclusive with regarding-identity.
requested-by	string The identity that requested the activity. me indicates the current user. Mutually exclusive with regarding-identity.
regarding-identity	string The specified identity will be either the requester or target of the account activity. me indicates the current user. Mutually exclusive with requested-for and requested-by.
type	string The type of account activity.
limit	integer [ 0 .. 250 ] Default: 250 Max number of results to return. See V3 API Standard Collection Parameters for more information.