SailPoint SaaS API (3.0.0)

Download OpenAPI specification:Download

Supported - v3 is fully versioned and currently supported by SailPoint

Authentication

bearerAuth

Security Scheme Type	HTTP
HTTP Authorization Scheme	bearer
Bearer format	"JWT"

Access Requests

Submit an Access Request

This submits the access request into IdentityNow, where it will follow any IdentityNow approval processes. This doesn't return a result because the request has been submitted/accepted by the system.

There are two types of access request:

GRANT_ACCESS

Can be requested for multiple identities in a single request.
Supports self request and request on behalf of other users, see '/beta/access-request-config' endpoint for request configuration options.
Allows any authenticated token (except API) to call this endpoint to request to grant access to themselves. Depending on the configuration, a user can request access for others.

REVOKE_ACCESS

Can only be requested for a single identity at a time.
Does not support self request. Only manager can request to revoke access for their directly managed employees.
If removeDate is specified, then the access will be removed on that date and time.
Allows a manager to request to revoke access for direct employees. A token with ORG_ADMIN authority can also request to revoke access from anyone.

NOTE: There is no indication to the approver in the IdentityNow UI that the approval request is for a revoke action. Take this into consideration when calling this API.

A token with API authority cannot be used to call this endpoint.

Authorizations:

bearerAuth

Request Body schema: application/json

requestedFor required	Array of strings A list of Identity IDs for whom the Access is requested. If it's a Revoke request, there can only be one Identity ID.
requestType	string Enum: "GRANT_ACCESS" "REVOKE_ACCESS" Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
required	Array of objects (AccessRequestItem)
	object Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on associated APIs such as /account-activities.

Responses

Request samples

Payload

Content type

application/json

{"requestedFor": ["2c918084660f45d6016617daa9210584"
],
"requestType": "GRANT_ACCESS",
"requestedItems": [{"type": "ACCESS_PROFILE",
"id": "2c9180835d2e5168015d32f890ca1581",
"comment": "string",
"clientMetadata": {"property1": "string",
"property2": "string"
},
"removeDate": "2020-07-11T21:23:15.000Z"
}
],
"clientMetadata": {"property1": "string",
"property2": "string"
}
}

Response samples

Content type

application/json

{ }

Account Activities

Get a list of Account Activities

This gets a collection of account activities that satisfy the given query parameters.

Authorizations:

bearerAuth

query Parameters

requested-for	string The identity that the activity was requested for. me indicates the current user. Mutually exclusive with regarding-identity.
requested-by	string The identity that requested the activity. me indicates the current user. Mutually exclusive with regarding-identity.
regarding-identity	string The specified identity will be either the requester or target of the account activity. me indicates the current user. Mutually exclusive with requested-for and requested-by.
type	string The type of account activity.
limit	integer [ 0 .. 250 ] Default: 250 Max number of results to return. See V3 API Standard Collection Parameters for more information.
offset	integer >= 0 Default: 0 Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
count	boolean Default: false If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information.
filters	string Filter results using the standard syntax described in V3 API Standard Collection Parameters Filtering is supported for the following fields and operators: type: eq, in created: gt, lt, ge, le modified: gt, lt, ge, le
sorters	string <comma-separated> Sort results using the standard syntax described in V3 API Standard Collection Parameters Sorting is supported for the following fields: type, created, modified

Responses

Response samples

Content type

application/json

[{"id": "2c9180835d2e5168015d32f890ca1581",
"name": "2c9180835d2e5168015d32f890ca1581",
"created": "2017-07-11T18:45:37.098Z",
"modified": "2018-06-25T20:22:28.104Z",
"completed": "2018-10-19T13:49:37.385Z",
"completionStatus": "SUCCESS",
"type": "appRequest",
"requesterIdentitySummary": {"id": "ff80818155fe8c080155fe8d925b0316",
"name": "SailPoint Services",
"identityId": "c15b9f5cca5a4e9599eaa0e64fa921bd",
"completed": true
},
"targetIdentitySummary": {"id": "ff80818155fe8c080155fe8d925b0316",
"name": "SailPoint Services",
"identityId": "c15b9f5cca5a4e9599eaa0e64fa921bd",
"completed": true
},
"errors": ["sailpoint.connector.ConnectorException: java.lang.InterruptedException: Timeout waiting for response to message 0 from client 57a4ab97-ab3f-4aef-9fe2-0eaf15c73d26 after 60 seconds."
],
"warnings": ["Some warning, another warning"
],
"items": [{"id": "2725138ee34949beb0d6cc982d2d4625",
"name": "string",
"requested": "2017-07-11T18:45:37.098Z",
"approvalStatus": "FINISHED",
"provisioningStatus": "PENDING",
"requesterComment": {"commenterId": "2c918084660f45d6016617daa9210584",
"commenterName": "Adam Kennedy",
"body": "Et quam massa maximus vivamus nisi ut urna tincidunt metus elementum erat.",
"date": "2017-07-11T18:45:37.098Z"
},
"reviewerIdentitySummary": {"id": "ff80818155fe8c080155fe8d925b0316",
"name": "SailPoint Services",