Thank you for considering our feedback and rolling back this change. This truly reflects the strength of this developer community and your commitment to valuing our input.
3 Likes
One more thing to keep in mind: API clients bypass IP restrictions, while PATs honor them. To the point that API client is not necessarily the best substitute.
4 Likes
We appreciate the quick rollback Jeremy. I still don’t understand why you’re saying “we are committed to delivering a solution to this problem”, can anyone actually explain what the problem is? Were people asking for this? PATs have their own issues for sure but expiry is not one of them.
If you’re going to focus on changing PATs to be more secure, I think better scoping capabilities is way more valuable than changing expiration considering expiration is already under our control. I often find myself forced to give a token sp:scopes:all when it really only needs to hit a few endpoints, which is much more of a security issue than the token not expiring. I wouldn’t have to worry as much about the token expiring/getting compromised if it truly could only access the endpoints it needed.
2 Likes
Thank you for this. It’s much appreciated.
Thank you very much for listening and acting quickly on this topic. It is great to see (once again) in practice that you take the voice of the developer community seriously.
Moving forward, I’d be more then happy to engage with you or any other parties on this topic to discuss the PAT security and how to I feel to properly implement.
1 Like
Some follow-ups from my side:
- I see that the API documentation has not been rolled back yet as it still described the `expirationDate` with a maximum value of 6 months that also defaults to 6 months.
- Similar for the general documentation.
- I see value in an expiration date being there. Where ORG admins can globally configure what the default expiration date would be if not given (which can be infinite), and if there should be a maximum expiration date, what should that maximum be? Customer A could then say. 1 There is no enforced expiration date, and 2 by default it does not expire. Customer B could say. 1 There is no enforced expiration date, it can even have no expiration date at all, but 2. If no expiration date (including infinity) is specifically chosen, we default to 1 year. And customer C could then say: We have an enforced expiration date, of max 2 years, and we default to 6 months if no expiration date is specifically given. You can still put the default global configuration for new customers as enforced expiration date of max 6 months and put 6 months as default when not given, as long as you allow them to change this global setting. By doing this you are respecting a diverse group of customers, to make their own conscious security decisions.
- I can also see merit in other functionality such as email notifications being send when PATs are about to expire. Sending email notifications when they haven’t been used in a long time or even delete them a bit later (as long as customers can switch off this functionality, as we have this already through workflows). Allow customers to perform certification on their own or on others Personal Access Tokens. And allow org admins to specify which identities (like specific service accounts and specific employees) may create PATs and which identities may not create PATs (for example through governance group and/or role membership).
Kind regards,
Angelo
1 Like
Could someone help me understand the limitations of API Keys?
I’ve seen it mentioned that some API require PAT tokens instead of API Keys: this is news to me so I’d be keen to learn more about which API have this constraint.
I’ve seen in the documentation that API Keys do not support Data Segmentation, but that’s the only distinction I’ve found so far.
Off the top of my head these are some key APIs that require user context tokens with ORG_ADMIN
- Access request create
- Access request status
- Account create/update
- Certification task reassignment
1 Like
I tend to use this API documentation:
For example you can compare these two APIs:
One to create a role
One to list segments
Maybe @saas_docs_team can confirm if this documentation for each API correctly resembles reality. AKA, if Client Credentials is not mentioned, may we conclude that API Credentials are unauthorized to call that particular API endpoint?
1 Like
I decided to use technology and have a script traverse the API specs to find out which endpoints allowed ONLY userAuth and did not allow applicationAuth
Total Endpoints Checked - 2979
Endpoints using only userAuth - 2106
So @jeremy_southerland according to your recommendation
that means we’d be excluding 70% of the available API endpoints… that doesn’t seem like a great solution
Here’s the list of API endpoints I found that don’t allow API clients aka “applicationAuth”
/beta endpoints
GET /beta/access-model-metadata-list
GET /beta/access-model-metadata-value-list
GET /beta/access-model-metadata-value
GET /beta/access-model-metadata
DELETE /beta/access-profile
PATCH /beta/access-profile
GET /beta/access-request-approval-summary
GET /beta/access-request-identity-metrics
POST /beta/access-roles-change-segment-assignments
GET /beta/account-usages
GET /beta/account
PUT /beta/account
DELETE /beta/account
PATCH /beta/account
POST /beta/accounts-id-disable
POST /beta/accounts-id-enable
GET /beta/accounts-id-entitlements
POST /beta/accounts-id-reload
POST /beta/accounts-id-unlock
GET /beta/accounts
POST /beta/accounts
GET /beta/ai-access-request-recommendations-ignored
POST /beta/ai-access-request-recommendations-ignored
GET /beta/ai-access-request-recommendations-requested
POST /beta/ai-access-request-recommendations-requested
POST /beta/ai-access-request-recommendations-viewed-bulk-create
GET /beta/ai-access-request-recommendations-viewed
POST /beta/ai-access-request-recommendations-viewed
GET /beta/ai-access-request-recommendations
GET /beta/attr-sync-config-source
PUT /beta/attr-sync-config-source
GET /beta/auth-profile
PATCH /beta/auth-profile
GET /beta/auth-profiles
PUT /beta/auth-user
DELETE /beta/auth-user
POST /beta/bulk-add-tagged-objects
POST /beta/bulk-remove-tagged-objects
POST /beta/campaign-activate
POST /beta/campaign-admin-cert-reassign
POST /beta/campaign-complete
GET /beta/campaign-reports-configuration
PUT /beta/campaign-reports-configuration
GET /beta/campaign-reports
POST /beta/campaign-run-remediation-scan
POST /beta/campaign-run-report
POST /beta/campaign-template-generate
GET /beta/campaign-template-schedule
PUT /beta/campaign-template-schedule
DELETE /beta/campaign-template-schedule
GET /beta/campaign-template
DELETE /beta/campaign-template
PATCH /beta/campaign-template
GET /beta/campaign-templates
POST /beta/campaign-templates
GET /beta/campaign
PATCH /beta/campaign
POST /beta/campaigns-delete
GET /beta/campaigns
POST /beta/campaigns
GET /beta/certification-task
GET /beta/certification-tasks
GET /beta/certifications-reviewers
POST /beta/connector-rule-validate
GET /beta/connector-rule
PUT /beta/connector-rule
DELETE /beta/connector-rule
GET /beta/connector-rules
POST /beta/connector-rules
GET /beta/connectors
GET /beta/correlation-config
PUT /beta/correlation-config
GET /beta/dimension-access-profiles
POST /beta/dimension-bulk-delete
GET /beta/dimension-entitlements
GET /beta/dimension
DELETE /beta/dimension
PATCH /beta/dimension
GET /beta/dimensions
POST /beta/dimensions
GET /beta/discovered-application
PATCH /beta/discovered-application
GET /beta/discovered-applications
POST /beta/ears-entitlement-bulk-update
GET /beta/ears-entitlement-children
GET /beta/ears-entitlement-parents
GET /beta/ears-entitlement
PATCH /beta/ears-entitlement
POST /beta/ears-source-app-access-profiles-bulk-remove
GET /beta/ears-source-app-access-profiles
POST /beta/ears-source-app-bulk-update
GET /beta/ears-source-app
DELETE /beta/ears-source-app
PATCH /beta/ears-source-app
GET /beta/ears-source-apps-all
GET /beta/ears-source-apps-assigned
GET /beta/ears-source-apps
POST /beta/ears-source-apps
GET /beta/ears-user-app-available-accounts
PATCH /beta/ears-user-app
GET /beta/ears-user-apps-all
GET /beta/ears-user-apps
POST /beta/entitlement-access-model-metadata
DELETE /beta/entitlement-access-model-metadata
POST /beta/entitlement-bulk-delete
GET /beta/entitlement-delete-status
GET /beta/entitlement-request-config
PUT /beta/entitlement-request-config
POST /beta/entitlement
GET /beta/entitlements
POST /beta/featurestore-api-feature-values
POST /beta/form-definition-data-source
GET /beta/form-definition-file
POST /beta/form-definition-files
POST /beta/form-definition-forms-action-dynamic-schema
GET /beta/form-definition
DELETE /beta/form-definition
PATCH /beta/form-definition
GET /beta/form-definitions-export
POST /beta/form-definitions-import
GET /beta/form-definitions-predefined-select-options
POST /beta/form-definitions-template
GET /beta/form-definitions
POST /beta/form-definitions
GET /beta/form-instance-data-source
GET /beta/form-instance-file
GET /beta/form-instance
PATCH /beta/form-instance
GET /beta/form-instances
POST /beta/form-instances
GET /beta/historical-identities
GET /beta/historical-identity-access-items
GET /beta/historical-identity-events
GET /beta/historical-identity-snapshot-date-access-items
GET /beta/historical-identity
PUT /beta/icon
DELETE /beta/icon
POST /beta/identities-accounts-disable
POST /beta/identities-accounts-enable
POST /beta/identities-process
GET /beta/identities-role-assignment
GET /beta/identities-role-assignments
GET /beta/identities
POST /beta/identity-accounts-id-disable
POST /beta/identity-accounts-id-enable
GET /beta/identity-attribute
PUT /beta/identity-attribute
DELETE /beta/identity-attribute
DELETE /beta/identity-attributes-bulk-delete
GET /beta/identity-attributes
POST /beta/identity-attributes
GET /beta/identity-certifications-item-permissions
POST /beta/identity-certifications-reassign-async
GET /beta/identity-ownership
PATCH /beta/identity-patch
GET /beta/identity-profile-default-config
POST /beta/identity-profile-process-identities
GET /beta/identity-profile
DELETE /beta/identity-profile
PATCH /beta/identity-profile
POST /beta/identity-profiles-bulk-delete
GET /beta/identity-profiles-export
DELETE /beta/identity-profiles-id
PATCH /beta/identity-profiles-id
POST /beta/identity-profiles-identity-preview
POST /beta/identity-profiles-import
GET /beta/identity-profiles
POST /beta/identity-profiles
POST /beta/identity-reset
GET /beta/identity
DELETE /beta/identity
POST /beta/launcher-launch
GET /beta/launcher
PUT /beta/launcher
DELETE /beta/launcher
GET /beta/launchers
POST /beta/launchers
POST /beta/load-accounts
POST /beta/load-entitlements-by-sources
POST /beta/load-entitlements
POST /beta/load-uncorrelated-accounts
GET /beta/mail-from-attribute
PUT /beta/mail-from-attributes
GET /beta/managed-client-status
POST /beta/managed-client-status
POST /beta/managed-clients-certificate
POST /beta/managed-clients-credentials
GET /beta/managed-clients-get-encryption-keys
GET /beta/managed-clients-metrics-credentials
GET /beta/managed-clients-path
DELETE /beta/managed-clients-path
PATCH /beta/managed-clients-path
POST /beta/managed-clients-provision
POST /beta/managed-clients-submit-activation-code
GET /beta/managed-clients
POST /beta/managed-clients
DELETE /beta/managed-cluster-cache
GET /beta/managed-cluster-jobs
GET /beta/managed-cluster-log-config
PUT /beta/managed-cluster-log-config
GET /beta/managed-cluster-path-full
DELETE /beta/managed-cluster-path-full
PATCH /beta/managed-cluster-path-full
DELETE /beta/managed-cluster-path-internal
PATCH /beta/managed-cluster-path-internal
GET /beta/managed-cluster-path
GET /beta/managed-cluster-processes
POST /beta/managed-cluster-reboot
GET /beta/managed-cluster-status
GET /beta/managed-cluster-types-path
DELETE /beta/managed-cluster-types-path
PATCH /beta/managed-cluster-types-path
GET /beta/managed-cluster-types
POST /beta/managed-cluster-types
POST /beta/managed-cluster-upgrade
POST /beta/managed-clusters-create
GET /beta/managed-clusters-full
POST /beta/managed-clusters-full
POST /beta/managed-clusters-set-encryption-keys
GET /beta/managed-clusters
GET /beta/managed-processes-path
DELETE /beta/managed-processes-path
PATCH /beta/managed-processes-path
GET /beta/managed-processes
POST /beta/managed-processes
GET /beta/manual-discover-applications-template
POST /beta/manual-discover-applications
GET /beta/message-catalog
GET /beta/multi-host-integration-get-acct-agg-groups
GET /beta/multi-host-integration-get-entitlement-agg-groups
GET /beta/multi-host-integration-list-sources
GET /beta/multi-host-integration-sources-creation-error
GET /beta/multi-host-integration-test-connection-source
POST /beta/multi-host-integration-test-connection
GET /beta/multi-host-integration-types
GET /beta/multi-host-integration
POST /beta/multi-host-integration
GET /beta/multi-host-integrations
POST /beta/multi-host-integrations
DELETE /beta/multi-host-integrations
PATCH /beta/multi-host-integrations
GET /beta/native-change-detection-config
PUT /beta/native-change-detection-config
DELETE /beta/native-change-detection-config
GET /beta/non-employee-approval-list
GET /beta/non-employee-approval-summary
GET /beta/non-employee-approve-get
POST /beta/non-employee-approve-request
POST /beta/non-employee-bulk-upload-jobs-fail
GET /beta/non-employee-record
PUT /beta/non-employee-record
DELETE /beta/non-employee-record
PATCH /beta/non-employee-record
POST /beta/non-employee-records-bulk-delete
GET /beta/non-employee-records
POST /beta/non-employee-records
POST /beta/non-employee-reject-request
GET /beta/non-employee-request-summary-get
GET /beta/non-employee-request
DELETE /beta/non-employee-request
GET /beta/non-employee-requests
POST /beta/non-employee-requests
POST /beta/non-employee-source-aggregate
GET /beta/non-employee-source
DELETE /beta/non-employee-source
PATCH /beta/non-employee-source
GET /beta/non-employee-sources-bulk-upload-details
POST /beta/non-employee-sources-bulk-upload-non-employees
GET /beta/non-employee-sources-bulk-upload-status
GET /beta/non-employee-sources-export-non-employees
GET /beta/non-employee-sources-export-schema-attributes-template
GET /beta/non-employee-sources-schema-attribute
DELETE /beta/non-employee-sources-schema-attribute
PATCH /beta/non-employee-sources-schema-attribute
GET /beta/non-employee-sources-schema-attributes
POST /beta/non-employee-sources-schema-attributes
DELETE /beta/non-employee-sources-schema-attributes
GET /beta/non-employee-sources
POST /beta/non-employee-sources
GET /beta/notification-preference
PUT /beta/notification-preference
GET /beta/notification-preferences
GET /beta/notification-template-context
GET /beta/notification-template-defaults
POST /beta/notification-templates-bulk-delete
GET /beta/notification-templates
POST /beta/notification-templates
GET /beta/oauth-client
DELETE /beta/oauth-client
PATCH /beta/oauth-client
GET /beta/oauth-clients
POST /beta/oauth-clients
GET /beta/org-config-valid-time-zones
GET /beta/org-config
PATCH /beta/org-config
POST /beta/password-reset-digit-token
GET /beta/peer-group-strategies
DELETE /beta/personal-access-token
PATCH /beta/personal-access-token
GET /beta/personal-access-tokens
POST /beta/personal-access-tokens
GET /beta/public-identities-config
PUT /beta/public-identities-config
DELETE /beta/reassignment-configuration-config-type
GET /beta/reassignment-configuration-evaluate
GET /beta/reassignment-configuration-types
GET /beta/reassignment-configuration
PUT /beta/reassignment-configuration
GET /beta/reassignment-configurations
POST /beta/reassignment-configurations
GET /beta/recommendations-config
PUT /beta/recommendations-config
POST /beta/recommendations-request
POST /beta/remove-account
POST /beta/remove-accounts
POST /beta/reset-entitlements
GET /beta/role-access-profiles
GET /beta/role-assigned-identities
POST /beta/role-bulk-delete
GET /beta/role-mining-potential-role-entitlement-popularities
GET /beta/role-mining-potential-role-source-identity-usage
GET /beta/role-mining-potential-role-summaries
GET /beta/role-mining-potential-role
PATCH /beta/role-mining-potential-role
GET /beta/role-mining-potential-roles-draft
GET /beta/role-mining-session-potential-role-applications
GET /beta/role-mining-session-potential-role-entitlements
GET /beta/role
DELETE /beta/role
PATCH /beta/role
GET /beta/roles-by-identity
GET /beta/roles
POST /beta/roles
GET /beta/s3-proxy
GET /beta/schemas
POST /beta/schemas
GET /beta/searchAttributeConfig-get-patch-delete
DELETE /beta/searchAttributeConfig-get-patch-delete
PATCH /beta/searchAttributeConfig-get-patch-delete
GET /beta/searchAttributeConfig
POST /beta/searchAttributeConfig
GET /beta/service-desk-integration-configuration
PUT /beta/service-desk-integration-configuration
GET /beta/service-desk-integration-template
GET /beta/service-desk-integration-types
GET /beta/service-desk-integration
PUT /beta/service-desk-integration
DELETE /beta/service-desk-integration
PATCH /beta/service-desk-integration
GET /beta/service-desk-integrations
POST /beta/service-desk-integrations
POST /beta/set-password
PATCH /beta/sim-integrations-before-provisioning-rule
GET /beta/sim-integrations-value-list
POST /beta/sim-integrations-value-list
GET /beta/sim-integrations
PUT /beta/sim-integrations
DELETE /beta/sim-integrations
PATCH /beta/sim-integrations
POST /beta/sod-all-report-run
GET /beta/sod-all-report-status
GET /beta/sod-download-custom-report
GET /beta/sod-download-default-report
GET /beta/sod-policies
POST /beta/sod-policies
GET /beta/sod-policy
PUT /beta/sod-policy
DELETE /beta/sod-policy
PATCH /beta/sod-policy
POST /beta/sod-report-run
GET /beta/sod-schedule
PUT /beta/sod-schedule
DELETE /beta/sod-schedule
GET /beta/sod-violation-report-status
GET /beta/sod-violation-report
GET /beta/source-accounts-schema
POST /beta/source-accounts-schema
POST /beta/source-connector-check-connection
POST /beta/source-connector-initiate-extract
POST /beta/source-connector-peek-resource-objects
POST /beta/source-connector-ping-cluster
POST /beta/source-connector-test-configuration
GET /beta/source-entitlements-schema
POST /beta/source-entitlements-schema
POST /beta/source-upload-connector-file
GET /beta/source-usage-status
GET /beta/source-usages
GET /beta/source
PUT /beta/source
DELETE /beta/source
PATCH /beta/source
GET /beta/sources-available
GET /beta/sources-entitlement-request-config
PUT /beta/sources-entitlement-request-config
GET /beta/sources-policy-holders
PATCH /beta/sources-policy-holders
GET /beta/sources
POST /beta/sources
GET /beta/sp-config-export-status
POST /beta/sp-config-export
GET /beta/sp-config-import-status
POST /beta/sp-config-import
GET /beta/sp-config-objects
POST /beta/suggested-entitlement-description-approvals
POST /beta/suggested-entitlement-description-assignments
GET /beta/suggested-entitlement-description-batches-stats
GET /beta/suggested-entitlement-description-batches
POST /beta/suggested-entitlement-description-batches
GET /beta/suggested-entitlement-descriptions
PATCH /beta/suggested-entitlement-descriptions
GET /beta/system-accounts
GET /beta/system-notification-config
PUT /beta/system-notification-config
GET /beta/tagged-object
PUT /beta/tagged-object
DELETE /beta/tagged-object
GET /beta/tagged-objects-type
GET /beta/tagged-objects
POST /beta/tagged-objects
POST /beta/tags-get-shared
GET /beta/task-definition
PATCH /beta/task-definition
GET /beta/task-definitions
POST /beta/task-execution-cancel
POST /beta/task-execution-run
PATCH /beta/task-status
GET /beta/tenant-configuration
PUT /beta/tenant-configuration
GET /beta/tenant
GET /beta/transform
PUT /beta/transform
DELETE /beta/transform
GET /beta/transforms
POST /beta/transforms
GET /beta/trigger-invocations-status
POST /beta/trigger-invocations-test
PUT /beta/trigger-subscription
DELETE /beta/trigger-subscription
PATCH /beta/trigger-subscription
POST /beta/trigger-subscriptions-internal
POST /beta/trigger-subscriptions-validate-filter
GET /beta/trigger-subscriptions
POST /beta/trigger-subscriptions
GET /beta/triggers
GET /beta/vendor-connector-mappings
POST /beta/vendor-connector-mappings
DELETE /beta/vendor-connector-mappings
GET /beta/verified-domains
POST /beta/verified-domains
POST /beta/work-item-forward
GET /beta/work-item
POST /beta/work-item
POST /beta/work-items-account-selection
POST /beta/work-items-approve-approval-item
POST /beta/work-items-bulk-approve-approval-item
POST /beta/work-items-bulk-reject-approval-item
GET /beta/work-items-completed-count
GET /beta/work-items-completed
GET /beta/work-items-count
POST /beta/work-items-reject-approval-item
GET /beta/work-items-summary
GET /beta/work-items
POST /beta/workflow-execution-cancel
GET /beta/workflow-execution-history
GET /beta/workflow-execution
GET /beta/workflow-executions
POST /beta/workflow-external-execute-test
POST /beta/workflow-external-execute
POST /beta/workflow-external-oauth-client
GET /beta/workflow-library-actions
GET /beta/workflow-library-operators
GET /beta/workflow-library-triggers
GET /beta/workflow-library
POST /beta/workflow-test
GET /beta/workflow
PUT /beta/workflow
DELETE /beta/workflow
PATCH /beta/workflow
GET /beta/workflows
POST /beta/workflows
GET /beta/sod/arm-risk
POST /beta/sod/predict-violations
GET /beta/ui-metadata/tenant-ui-metadata
PUT /beta/ui-metadata/tenant-ui-metadata
POST /beta/workgroups/bulk-add-workgroup-members
POST /beta/workgroups/bulk-delete-workgroup-members
GET /beta/workgroups/connections
GET /beta/workgroups/workgroup-members
GET /beta/workgroups/workgroup
DELETE /beta/workgroups/workgroup
PATCH /beta/workgroups/workgroup
POST /beta/workgroups/workgroups-bulk-delete
GET /beta/workgroups/workgroups
POST /beta/workgroups/workgroups
POST /beta/webhooks/access-request-decision
POST /beta/webhooks/access-request-dynamic-approval
POST /beta/webhooks/access-request-submitted
POST /beta/webhooks/account-aggregation-completed
POST /beta/webhooks/campaign-activated
POST /beta/webhooks/campaign-ended
POST /beta/webhooks/campaign-generated
POST /beta/webhooks/certification-signed-off
POST /beta/webhooks/form-submitted
POST /beta/webhooks/identity-attributes-changed
POST /beta/webhooks/identity-created
POST /beta/webhooks/identity-deleted
POST /beta/webhooks/native-change-account-created
POST /beta/webhooks/native-change-account-deleted
POST /beta/webhooks/native-change-account-updated
POST /beta/webhooks/outlier-detected
POST /beta/webhooks/provisioning-completed
POST /beta/webhooks/scheduled-search
POST /beta/webhooks/source-account-created
POST /beta/webhooks/source-account-deleted
POST /beta/webhooks/source-account-updated
POST /beta/webhooks/source-created
POST /beta/webhooks/source-deleted
POST /beta/webhooks/source-updated
POST /beta/webhooks/va-cluster-status-change
/v2024 endpoints
GET /v2024/access-model-metadata-list
GET /v2024/access-model-metadata-value-list
GET /v2024/access-model-metadata-value
GET /v2024/access-model-metadata
POST /v2024/access-profile-bulk-update-requestable
GET /v2024/access-request-approval-summary
GET /v2024/access-request-approvers-list
POST /v2024/access-request-bulk-approve
POST /v2024/access-request-cancel
POST /v2024/access-request-close
GET /v2024/access-request-config
PUT /v2024/access-request-config
GET /v2024/access-request-identity-metrics
GET /v2024/access-request-status-administrator
GET /v2024/access-request-status
POST /v2024/access-requests-accounts-selection
POST /v2024/access-requests
POST /v2024/access-roles-change-segment-assignments
GET /v2024/account-aggregation-status
GET /v2024/account-usages
GET /v2024/account
PUT /v2024/account
DELETE /v2024/account
PATCH /v2024/account
POST /v2024/accounts-id-disable
POST /v2024/accounts-id-enable
GET /v2024/accounts-id-entitlements
POST /v2024/accounts-id-reload
POST /v2024/accounts-id-unlock
GET /v2024/accounts
POST /v2024/accounts
GET /v2024/ai-access-request-recommendations-config
PUT /v2024/ai-access-request-recommendations-config
GET /v2024/ai-access-request-recommendations-ignored
POST /v2024/ai-access-request-recommendations-ignored
GET /v2024/ai-access-request-recommendations-requested
POST /v2024/ai-access-request-recommendations-requested
POST /v2024/ai-access-request-recommendations-viewed-bulk-create
GET /v2024/ai-access-request-recommendations-viewed
POST /v2024/ai-access-request-recommendations-viewed
GET /v2024/ai-access-request-recommendations
GET /v2024/approval
GET /v2024/approvals
POST /v2024/approve-access-request-approval
GET /v2024/attr-sync-config-source
PUT /v2024/attr-sync-config-source
GET /v2024/auth-org-lockout-config
PATCH /v2024/auth-org-lockout-config
GET /v2024/auth-org-network-config
POST /v2024/auth-org-network-config
PATCH /v2024/auth-org-network-config
GET /v2024/auth-org-service-provider-config
PATCH /v2024/auth-org-service-provider-config
GET /v2024/auth-org-session-config
PATCH /v2024/auth-org-session-config
GET /v2024/auth-profile
PATCH /v2024/auth-profile
GET /v2024/auth-profiles
GET /v2024/auth-user
PATCH /v2024/auth-user
POST /v2024/bulk-cancel-access-request
POST /v2024/campaign-activate
POST /v2024/campaign-admin-cert-reassign
POST /v2024/campaign-complete
GET /v2024/campaign-filter
POST /v2024/campaign-filter
POST /v2024/campaign-filters-delete
GET /v2024/campaign-filters
POST /v2024/campaign-filters
GET /v2024/campaign-reports-configuration
PUT /v2024/campaign-reports-configuration
GET /v2024/campaign-reports
POST /v2024/campaign-run-remediation-scan
POST /v2024/campaign-run-report
POST /v2024/campaign-template-generate
GET /v2024/campaign-template-schedule
PUT /v2024/campaign-template-schedule
DELETE /v2024/campaign-template-schedule
GET /v2024/campaign-template
DELETE /v2024/campaign-template
PATCH /v2024/campaign-template
GET /v2024/campaign-templates
POST /v2024/campaign-templates
GET /v2024/campaign
PATCH /v2024/campaign
POST /v2024/campaigns-delete
GET /v2024/campaigns
POST /v2024/campaigns
GET /v2024/certification-task
GET /v2024/certification-tasks
POST /v2024/certifications-reassign-async
GET /v2024/certifications-reviewers
GET /v2024/completed-access-request-approvals
GET /v2024/connector-customizers-id
PUT /v2024/connector-customizers-id
DELETE /v2024/connector-customizers-id
POST /v2024/connector-customizers-versions
GET /v2024/connector-customizers
POST /v2024/connector-customizers
POST /v2024/connector-rule-validate
GET /v2024/connector-rule
PUT /v2024/connector-rule
DELETE /v2024/connector-rule
GET /v2024/connector-rules
POST /v2024/connector-rules
GET /v2024/connector
DELETE /v2024/connector
PATCH /v2024/connector
GET /v2024/connectors-correlation-config
PUT /v2024/connectors-correlation-config
GET /v2024/connectors-source-config
PUT /v2024/connectors-source-config
GET /v2024/connectors-source-template
PUT /v2024/connectors-source-template
GET /v2024/connectors-translations
PUT /v2024/connectors-translations
GET /v2024/connectors
POST /v2024/connectors
GET /v2024/correlation-config
PUT /v2024/correlation-config
GET /v2024/custom-password-instruction
DELETE /v2024/custom-password-instruction
POST /v2024/custom-password-instructions
GET /v2024/dimension-access-profiles
POST /v2024/dimension-bulk-delete
GET /v2024/dimension-entitlements
GET /v2024/dimension
DELETE /v2024/dimension
PATCH /v2024/dimension
GET /v2024/dimensions
POST /v2024/dimensions
GET /v2024/discovered-application
PATCH /v2024/discovered-application
GET /v2024/discovered-applications
POST /v2024/ears-entitlement-bulk-update
GET /v2024/ears-entitlement-children
GET /v2024/ears-entitlement-parents
GET /v2024/ears-entitlement
PATCH /v2024/ears-entitlement
POST /v2024/ears-source-app-access-profiles-bulk-remove
GET /v2024/ears-source-app-access-profiles
POST /v2024/ears-source-app-bulk-update
GET /v2024/ears-source-app
DELETE /v2024/ears-source-app
PATCH /v2024/ears-source-app
GET /v2024/ears-source-apps-all
GET /v2024/ears-source-apps-assigned
GET /v2024/ears-source-apps
POST /v2024/ears-source-apps
GET /v2024/ears-user-app-available-accounts
PATCH /v2024/ears-user-app
GET /v2024/ears-user-apps-all
GET /v2024/ears-user-apps
POST /v2024/entitlement-access-model-metadata
DELETE /v2024/entitlement-access-model-metadata
GET /v2024/entitlement-request-config
PUT /v2024/entitlement-request-config
POST /v2024/entitlement
GET /v2024/entitlements
POST /v2024/featurestore-api-feature-values
POST /v2024/form-definition-data-source
GET /v2024/form-definition-file
POST /v2024/form-definition-files
POST /v2024/form-definition-forms-action-dynamic-schema
GET /v2024/form-definition
DELETE /v2024/form-definition
PATCH /v2024/form-definition
GET /v2024/form-definitions-export
POST /v2024/form-definitions-import
GET /v2024/form-definitions-predefined-select-options
POST /v2024/form-definitions-template
GET /v2024/form-definitions
POST /v2024/form-definitions
GET /v2024/form-instance-data-source
GET /v2024/form-instance-file
GET /v2024/form-instance
PATCH /v2024/form-instance
GET /v2024/form-instances
POST /v2024/form-instances
GET /v2024/historical-identities
GET /v2024/historical-identity-access-items
GET /v2024/historical-identity-events
GET /v2024/historical-identity
PUT /v2024/icon
DELETE /v2024/icon
POST /v2024/identities-accounts-disable
POST /v2024/identities-accounts-enable
POST /v2024/identities-process
GET /v2024/identities-role-assignment
GET /v2024/identities-role-assignments
GET /v2024/identities
POST /v2024/identity-accounts-id-disable
POST /v2024/identity-accounts-id-enable
GET /v2024/identity-attribute
PUT /v2024/identity-attribute
DELETE /v2024/identity-attribute
DELETE /v2024/identity-attributes-bulk-delete
GET /v2024/identity-attributes
POST /v2024/identity-attributes
GET /v2024/identity-certification
GET /v2024/identity-certifications-access-review-items
GET /v2024/identity-certifications-access-summaries
POST /v2024/identity-certifications-decide
GET /v2024/identity-certifications-decision-summary
GET /v2024/identity-certifications-identity-summaries
GET /v2024/identity-certifications-identity-summary
GET /v2024/identity-certifications-item-permissions
POST /v2024/identity-certifications-reassign-async
POST /v2024/identity-certifications-sign-off
GET /v2024/identity-ownership
PATCH /v2024/identity-patch
GET /v2024/identity-profile-default-config
GET /v2024/identity-profile-lifecycle-state
POST /v2024/identity-profile-process-identities
DELETE /v2024/identity-profile
PATCH /v2024/identity-profile
POST /v2024/identity-profiles-bulk-delete
GET /v2024/identity-profiles-export
DELETE /v2024/identity-profiles-id
PATCH /v2024/identity-profiles-id
POST /v2024/identity-profiles-identity-preview
POST /v2024/identity-profiles-import
POST /v2024/identity-profiles
POST /v2024/identity-reset
POST /v2024/identity-set-lifecycle-state
GET /v2024/identity
DELETE /v2024/identity
POST /v2024/launcher-launch
GET /v2024/launcher
PUT /v2024/launcher
DELETE /v2024/launcher
GET /v2024/launchers
POST /v2024/launchers
POST /v2024/load-accounts
POST /v2024/load-entitlements-by-sources
POST /v2024/load-entitlements
POST /v2024/load-uncorrelated-accounts
POST /v2024/machine-account-classify
GET /v2024/machine-account-mapping
POST /v2024/machine-account-mapping
DELETE /v2024/machine-account-mapping
GET /v2024/machine-account
PATCH /v2024/machine-account
GET /v2024/machine-accounts
GET /v2024/machine-classification-config
PUT /v2024/machine-classification-config
DELETE /v2024/machine-classification-config
GET /v2024/machine-identities
POST /v2024/machine-identities
GET /v2024/machine-identity
DELETE /v2024/machine-identity
PATCH /v2024/machine-identity
PUT /v2024/machine-mappings
GET /v2024/mail-from-attribute
PUT /v2024/mail-from-attributes
GET /v2024/managed-client-status
GET /v2024/managed-client
DELETE /v2024/managed-client
PATCH /v2024/managed-client
POST /v2024/managed-clients-certificate
POST /v2024/managed-clients-credentials
GET /v2024/managed-clients-get-encryption-keys
GET /v2024/managed-clients-metrics-credentials
GET /v2024/managed-clients-path
DELETE /v2024/managed-clients-path
PATCH /v2024/managed-clients-path
POST /v2024/managed-clients-provision
POST /v2024/managed-clients-submit-activation-code
POST /v2024/managed-clients
DELETE /v2024/managed-cluster-cache
GET /v2024/managed-cluster-jobs
GET /v2024/managed-cluster-log-config
PUT /v2024/managed-cluster-log-config
POST /v2024/managed-cluster-manualUpgrade
GET /v2024/managed-cluster-path-full
DELETE /v2024/managed-cluster-path-full
PATCH /v2024/managed-cluster-path-full
DELETE /v2024/managed-cluster-path-internal
PATCH /v2024/managed-cluster-path-internal
GET /v2024/managed-cluster-path
GET /v2024/managed-cluster-processes
POST /v2024/managed-cluster-reboot
GET /v2024/managed-cluster-status
GET /v2024/managed-cluster-types-path
DELETE /v2024/managed-cluster-types-path
PATCH /v2024/managed-cluster-types-path
GET /v2024/managed-cluster-types
POST /v2024/managed-cluster-types
POST /v2024/managed-cluster-upgrade
GET /v2024/managed-cluster
DELETE /v2024/managed-cluster
PATCH /v2024/managed-cluster
POST /v2024/managed-clusters-create
GET /v2024/managed-clusters-full
POST /v2024/managed-clusters-full
POST /v2024/managed-clusters-set-encryption-keys
POST /v2024/managed-clusters
GET /v2024/managed-processes-path
DELETE /v2024/managed-processes-path
PATCH /v2024/managed-processes-path
GET /v2024/managed-processes
POST /v2024/managed-processes
GET /v2024/manual-discover-applications-template
POST /v2024/manual-discover-applications
GET /v2024/message-catalog
DELETE /v2024/mfa-config-delete
GET /v2024/mfa-config-test
GET /v2024/mfa-duo-config
PUT /v2024/mfa-duo-config
POST /v2024/mfa-duo-verify
POST /v2024/mfa-kba-authenticate
POST /v2024/mfa-kba-config-answers
GET /v2024/mfa-kba-config
GET /v2024/mfa-okta-config
PUT /v2024/mfa-okta-config
POST /v2024/mfa-okta-verify
POST /v2024/mfa-poll
POST /v2024/mfa-token-authenticate
POST /v2024/mfa-token-send
GET /v2024/multi-host-integration-get-acct-agg-groups
GET /v2024/multi-host-integration-get-entitlement-agg-groups
GET /v2024/multi-host-integration-list-sources
GET /v2024/multi-host-integration-sources-creation-error
GET /v2024/multi-host-integration-test-connection-source
POST /v2024/multi-host-integration-test-connection
GET /v2024/multi-host-integration-types
GET /v2024/multi-host-integration
POST /v2024/multi-host-integration
GET /v2024/multi-host-integrations
POST /v2024/multi-host-integrations
DELETE /v2024/multi-host-integrations
PATCH /v2024/multi-host-integrations
GET /v2024/native-change-detection-config
PUT /v2024/native-change-detection-config
GET /v2024/non-employee-approval-list
GET /v2024/non-employee-approval-summary
GET /v2024/non-employee-approve-get
POST /v2024/non-employee-approve-request
PUT /v2024/non-employee-record
PATCH /v2024/non-employee-record
GET /v2024/non-employee-records
POST /v2024/non-employee-reject-request
GET /v2024/non-employee-request-summary-get
GET /v2024/non-employee-request
GET /v2024/non-employee-requests
POST /v2024/non-employee-requests
GET /v2024/non-employee-source
POST /v2024/non-employee-sources-bulk-upload-non-employees
GET /v2024/non-employee-sources-schema-attribute
GET /v2024/non-employee-sources-schema-attributes
GET /v2024/non-employee-sources
POST /v2024/non-employee-sources
GET /v2024/notification-preference
PUT /v2024/notification-preference
GET /v2024/notification-preferences
GET /v2024/notification-template-context
GET /v2024/notification-template-defaults
POST /v2024/notification-templates-bulk-delete
GET /v2024/notification-templates
POST /v2024/notification-templates
GET /v2024/oauth-client
DELETE /v2024/oauth-client
PATCH /v2024/oauth-client
GET /v2024/oauth-clients
POST /v2024/oauth-clients
GET /v2024/org-config-valid-time-zones
GET /v2024/org-config
PATCH /v2024/org-config
GET /v2024/password-dictionary
PUT /v2024/password-dictionary
GET /v2024/password-org-config
POST /v2024/password-org-config
PUT /v2024/password-org-config
GET /v2024/password-policies
POST /v2024/password-policies
GET /v2024/password-policy
PUT /v2024/password-policy
DELETE /v2024/password-policy
POST /v2024/password-reset-digit-token
GET /v2024/password-sync-group
PUT /v2024/password-sync-group
DELETE /v2024/password-sync-group
GET /v2024/password-sync-groups
POST /v2024/password-sync-groups
GET /v2024/peer-group-strategies
GET /v2024/pending-access-request-approvals
DELETE /v2024/personal-access-token
PATCH /v2024/personal-access-token
GET /v2024/personal-access-tokens
POST /v2024/personal-access-tokens
POST /v2024/provisioning-policies
GET /v2024/public-identities-config
PUT /v2024/public-identities-config
GET /v2024/public-identities
DELETE /v2024/reassignment-configuration-config-type
GET /v2024/reassignment-configuration-evaluate
GET /v2024/reassignment-configuration-types
GET /v2024/reassignment-configuration
PUT /v2024/reassignment-configuration
GET /v2024/reassignment-configurations
POST /v2024/reassignment-configurations
GET /v2024/recommendations-config
PUT /v2024/recommendations-config
POST /v2024/recommendations-request
POST /v2024/remove-account
POST /v2024/remove-accounts
POST /v2024/reports-cancel
GET /v2024/reports-get-file
GET /v2024/reports-result
GET /v2024/requestable-object-list
POST /v2024/reset-entitlements
GET /v2024/role-access-profiles
GET /v2024/role-assigned-identities
POST /v2024/role-bulk-delete
GET /v2024/role-mining-potential-role-entitlement-popularities
GET /v2024/role-mining-potential-role-source-identity-usage
GET /v2024/role-mining-potential-role-summaries
GET /v2024/role-mining-potential-role
PATCH /v2024/role-mining-potential-role
GET /v2024/role-mining-potential-roles-draft
GET /v2024/role-mining-session-potential-role-applications
GET /v2024/role-mining-session-potential-role-entitlements
GET /v2024/role
DELETE /v2024/role
PATCH /v2024/role
GET /v2024/roles-by-identity
GET /v2024/roles
POST /v2024/roles
GET /v2024/s3-proxy
GET /v2024/saved-searches
POST /v2024/saved-searches
GET /v2024/schemas
POST /v2024/schemas
POST /v2024/search-aggregate
POST /v2024/search-count
GET /v2024/searchAttributeConfig-get-patch-delete
DELETE /v2024/searchAttributeConfig-get-patch-delete
PATCH /v2024/searchAttributeConfig-get-patch-delete
GET /v2024/searchAttributeConfig
POST /v2024/searchAttributeConfig
GET /v2024/service-desk-integration-configuration
PUT /v2024/service-desk-integration-configuration
GET /v2024/service-desk-integration-template
GET /v2024/service-desk-integration-types
GET /v2024/service-desk-integration
PUT /v2024/service-desk-integration
DELETE /v2024/service-desk-integration
PATCH /v2024/service-desk-integration
GET /v2024/service-desk-integrations
POST /v2024/service-desk-integrations
PATCH /v2024/sim-integrations-before-provisioning-rule
GET /v2024/sim-integrations-value-list
POST /v2024/sim-integrations-value-list
GET /v2024/sim-integrations
PUT /v2024/sim-integrations
DELETE /v2024/sim-integrations
PATCH /v2024/sim-integrations
POST /v2024/sod-all-report-run
GET /v2024/sod-all-report-status
GET /v2024/sod-download-custom-report
GET /v2024/sod-download-default-report
GET /v2024/sod-policies
POST /v2024/sod-policies
POST /v2024/sod-policy-evaluate
GET /v2024/sod-policy
PUT /v2024/sod-policy
DELETE /v2024/sod-policy
PATCH /v2024/sod-policy
POST /v2024/sod-report-run
GET /v2024/sod-schedule
PUT /v2024/sod-schedule
DELETE /v2024/sod-schedule
GET /v2024/sod-violation-report-status
GET /v2024/sod-violation-report
POST /v2024/sod-violations-check
GET /v2024/source-accounts-schema
POST /v2024/source-accounts-schema
GET /v2024/source-connections
POST /v2024/source-connector-check-connection
POST /v2024/source-connector-initiate-extract
POST /v2024/source-connector-peek-resource-objects
POST /v2024/source-connector-ping-cluster
POST /v2024/source-connector-test-configuration
GET /v2024/source-connectors-source-config
GET /v2024/source-entitlements-schema
POST /v2024/source-entitlements-schema
GET /v2024/source-health
GET /v2024/source-machine-account-classify
POST /v2024/source-machine-account-classify
DELETE /v2024/source-machine-account-classify
GET /v2024/source-schedule
DELETE /v2024/source-schedule
PATCH /v2024/source-schedule
GET /v2024/source-schedules
POST /v2024/source-schedules
POST /v2024/source-synchronize-attributes
POST /v2024/source-upload-connector-file
GET /v2024/source-usage-status
GET /v2024/source-usages
GET /v2024/source
PUT /v2024/source
DELETE /v2024/source
PATCH /v2024/source
GET /v2024/sources-available
GET /v2024/sources-entitlement-request-config
PUT /v2024/sources-entitlement-request-config
PATCH /v2024/sources-policy-holders
POST /v2024/sources
GET /v2024/sp-config-export-download
GET /v2024/sp-config-export-status
POST /v2024/sp-config-export
GET /v2024/sp-config-import-download
GET /v2024/sp-config-import-status
POST /v2024/sp-config-import
GET /v2024/sp-config-objects
POST /v2024/suggested-entitlement-description-approvals
POST /v2024/suggested-entitlement-description-assignments
GET /v2024/suggested-entitlement-description-batches-stats
GET /v2024/suggested-entitlement-description-batches
POST /v2024/suggested-entitlement-description-batches
GET /v2024/suggested-entitlement-descriptions
PATCH /v2024/suggested-entitlement-descriptions
GET /v2024/system-accounts
GET /v2024/system-notification-config
PUT /v2024/system-notification-config
GET /v2024/tagged-object
PUT /v2024/tagged-object
DELETE /v2024/tagged-object
GET /v2024/tagged-objects-type
GET /v2024/tagged-objects
POST /v2024/tagged-objects
POST /v2024/tags-get-shared
GET /v2024/task-definition
PATCH /v2024/task-definition
GET /v2024/task-definitions
POST /v2024/task-execution-cancel
POST /v2024/task-execution-run
PATCH /v2024/task-status
GET /v2024/tenant-configuration
PUT /v2024/tenant-configuration
GET /v2024/tenant-context
PATCH /v2024/tenant-context
GET /v2024/tenant
GET /v2024/transform
PUT /v2024/transform
DELETE /v2024/transform
GET /v2024/transforms
POST /v2024/transforms
GET /v2024/trigger-invocations-status
POST /v2024/trigger-invocations-test
PUT /v2024/trigger-subscription
DELETE /v2024/trigger-subscription
PATCH /v2024/trigger-subscription
POST /v2024/trigger-subscriptions-internal
POST /v2024/trigger-subscriptions-validate-filter
GET /v2024/trigger-subscriptions
POST /v2024/trigger-subscriptions
GET /v2024/triggers
GET /v2024/vendor-connector-mappings
POST /v2024/vendor-connector-mappings
DELETE /v2024/vendor-connector-mappings
GET /v2024/verified-domains
POST /v2024/verified-domains
DELETE /v2024/configuration-hub/backup-id
GET /v2024/configuration-hub/backup-uploads-id
DELETE /v2024/configuration-hub/backup-uploads-id
GET /v2024/configuration-hub/backup-uploads
POST /v2024/configuration-hub/backup-uploads
GET /v2024/configuration-hub/backup
GET /v2024/configuration-hub/deploy-id
GET /v2024/configuration-hub/deploy
POST /v2024/configuration-hub/deploy
DELETE /v2024/configuration-hub/draft-id
GET /v2024/configuration-hub/draft
POST /v2024/configuration-hub/object-mapping-bulk-create
POST /v2024/configuration-hub/object-mapping-bulk-update
DELETE /v2024/configuration-hub/object-mapping-delete
GET /v2024/configuration-hub/object-mapping
POST /v2024/configuration-hub/object-mapping
DELETE /v2024/configuration-hub/scheduled-actions-id
PATCH /v2024/configuration-hub/scheduled-actions-id
GET /v2024/configuration-hub/scheduled-actions
POST /v2024/configuration-hub/scheduled-actions
GET /v2024/role-access-model-metadata/role-bulk-update-status
POST /v2024/role-access-model-metadata/role-id-access-model-metadata
DELETE /v2024/role-access-model-metadata/role-id-access-model-metadata
GET /v2024/sod/arm-risk
POST /v2024/sod/predict-violations
GET /v2024/ui-metadata/tenant-ui-metadata
PUT /v2024/ui-metadata/tenant-ui-metadata
POST /v2024/workflows/workflow-execution-cancel
GET /v2024/workflows/workflow-execution-history
GET /v2024/workflows/workflow-execution
GET /v2024/workflows/workflow-executions
POST /v2024/workflows/workflow-external-execute-test
POST /v2024/workflows/workflow-external-execute
POST /v2024/workflows/workflow-external-oauth-client
GET /v2024/workflows/workflow-library-actions
GET /v2024/workflows/workflow-library-operators
GET /v2024/workflows/workflow-library-triggers
GET /v2024/workflows/workflow-library
POST /v2024/workflows/workflow-test
GET /v2024/workflows/workflow
PUT /v2024/workflows/workflow
DELETE /v2024/workflows/workflow
PATCH /v2024/workflows/workflow
GET /v2024/workflows/workflows
POST /v2024/workflows/workflows
POST /v2024/workgroups/bulk-add-workgroup-members
GET /v2024/workgroups/connections
GET /v2024/workgroups/workgroup-members
POST /v2024/workgroups/workgroups-bulk-delete
GET /v2024/workgroups/workgroups
POST /v2024/workgroups/workgroups
POST /v2024/webhooks/access-request-decision
POST /v2024/webhooks/access-request-dynamic-approval
POST /v2024/webhooks/access-request-submitted
POST /v2024/webhooks/account-aggregation-completed
POST /v2024/webhooks/campaign-activated
POST /v2024/webhooks/campaign-ended
POST /v2024/webhooks/campaign-generated
POST /v2024/webhooks/certification-signed-off
POST /v2024/webhooks/form-submitted
POST /v2024/webhooks/identity-attributes-changed
POST /v2024/webhooks/identity-created
POST /v2024/webhooks/identity-deleted
POST /v2024/webhooks/native-change-account-created
POST /v2024/webhooks/native-change-account-deleted
POST /v2024/webhooks/native-change-account-updated
POST /v2024/webhooks/outlier-detected
POST /v2024/webhooks/provisioning-completed
POST /v2024/webhooks/scheduled-search
POST /v2024/webhooks/source-account-created
POST /v2024/webhooks/source-account-deleted
POST /v2024/webhooks/source-account-updated
POST /v2024/webhooks/source-created
POST /v2024/webhooks/source-deleted
POST /v2024/webhooks/source-updated
POST /v2024/webhooks/va-cluster-status-change
/v2025 endpoints
GET /v2025/access-model-metadata-list
POST /v2025/access-model-metadata-update-filter
POST /v2025/access-model-metadata-update-ids
POST /v2025/access-model-metadata-update-query
GET /v2025/access-model-metadata-value-list
GET /v2025/access-model-metadata-value
GET /v2025/access-model-metadata
POST /v2025/access-profile-bulk-update-requestable
GET /v2025/access-request-approval-summary
GET /v2025/access-request-approvers-list
POST /v2025/access-request-bulk-approve
POST /v2025/access-request-cancel
POST /v2025/access-request-close
GET /v2025/access-request-config
PUT /v2025/access-request-config
GET /v2025/access-request-identity-metrics
GET /v2025/access-request-status-administrator
GET /v2025/access-request-status
POST /v2025/access-requests-accounts-selection
POST /v2025/access-requests
POST /v2025/access-roles-change-segment-assignments
GET /v2025/account-aggregation-status
GET /v2025/account-usages
GET /v2025/account
PUT /v2025/account
DELETE /v2025/account
PATCH /v2025/account
POST /v2025/accounts-id-disable
POST /v2025/accounts-id-enable
GET /v2025/accounts-id-entitlements
POST /v2025/accounts-id-reload
POST /v2025/accounts-id-unlock
GET /v2025/accounts
POST /v2025/accounts
GET /v2025/ai-access-request-recommendations-config
PUT /v2025/ai-access-request-recommendations-config
GET /v2025/ai-access-request-recommendations-ignored
POST /v2025/ai-access-request-recommendations-ignored
GET /v2025/ai-access-request-recommendations-requested
POST /v2025/ai-access-request-recommendations-requested
POST /v2025/ai-access-request-recommendations-viewed-bulk-create
GET /v2025/ai-access-request-recommendations-viewed
POST /v2025/ai-access-request-recommendations-viewed
GET /v2025/ai-access-request-recommendations
GET /v2025/approval
GET /v2025/approvals-config-id-type
PATCH /v2025/approvals-config-id-type
POST /v2025/approvals-id-approve
POST /v2025/approvals-id-attributes
POST /v2025/approvals-id-comments
POST /v2025/approvals-id-reassign
POST /v2025/approvals-id-reject
GET /v2025/approvals
POST /v2025/approve-access-request-approval
GET /v2025/attr-sync-config-source
PUT /v2025/attr-sync-config-source
GET /v2025/auth-org-lockout-config
PATCH /v2025/auth-org-lockout-config
GET /v2025/auth-org-network-config
POST /v2025/auth-org-network-config
PATCH /v2025/auth-org-network-config
GET /v2025/auth-org-service-provider-config
PATCH /v2025/auth-org-service-provider-config
GET /v2025/auth-org-session-config
PATCH /v2025/auth-org-session-config
GET /v2025/auth-profile
PATCH /v2025/auth-profile
GET /v2025/auth-profiles
GET /v2025/auth-user
PATCH /v2025/auth-user
POST /v2025/bulk-cancel-access-request
POST /v2025/campaign-activate
POST /v2025/campaign-admin-cert-reassign
POST /v2025/campaign-complete
GET /v2025/campaign-filter
POST /v2025/campaign-filter
POST /v2025/campaign-filters-delete
GET /v2025/campaign-filters
POST /v2025/campaign-filters
GET /v2025/campaign-reports-configuration
PUT /v2025/campaign-reports-configuration
GET /v2025/campaign-reports
POST /v2025/campaign-run-remediation-scan
POST /v2025/campaign-run-report
POST /v2025/campaign-template-generate
GET /v2025/campaign-template-schedule
PUT /v2025/campaign-template-schedule
DELETE /v2025/campaign-template-schedule
GET /v2025/campaign-template
DELETE /v2025/campaign-template
PATCH /v2025/campaign-template
GET /v2025/campaign-templates
POST /v2025/campaign-templates
GET /v2025/campaign
PATCH /v2025/campaign
POST /v2025/campaigns-delete
GET /v2025/campaigns
POST /v2025/campaigns
GET /v2025/certification-task
GET /v2025/certification-tasks
POST /v2025/certifications-reassign-async
GET /v2025/certifications-reviewers
GET /v2025/completed-access-request-approvals
GET /v2025/connector-customizers-id
PUT /v2025/connector-customizers-id
DELETE /v2025/connector-customizers-id
POST /v2025/connector-customizers-versions
GET /v2025/connector-customizers
POST /v2025/connector-customizers
POST /v2025/connector-rule-validate
GET /v2025/connector-rule
PUT /v2025/connector-rule
DELETE /v2025/connector-rule
GET /v2025/connector-rules
POST /v2025/connector-rules
GET /v2025/connector
DELETE /v2025/connector
PATCH /v2025/connector
GET /v2025/connectors-correlation-config
PUT /v2025/connectors-correlation-config
GET /v2025/connectors-source-config
PUT /v2025/connectors-source-config
GET /v2025/connectors-source-template
PUT /v2025/connectors-source-template
GET /v2025/connectors-translations
PUT /v2025/connectors-translations
GET /v2025/connectors
POST /v2025/connectors
GET /v2025/correlation-config
PUT /v2025/correlation-config
GET /v2025/custom-password-instruction
DELETE /v2025/custom-password-instruction
POST /v2025/custom-password-instructions
GET /v2025/dimension-access-profiles
POST /v2025/dimension-bulk-delete
GET /v2025/dimension-entitlements
GET /v2025/dimension
DELETE /v2025/dimension
PATCH /v2025/dimension
GET /v2025/dimensions
POST /v2025/dimensions
GET /v2025/discovered-application
PATCH /v2025/discovered-application
GET /v2025/discovered-applications
POST /v2025/ears-entitlement-bulk-update
GET /v2025/ears-entitlement-children
GET /v2025/ears-entitlement-parents
GET /v2025/ears-entitlement
PATCH /v2025/ears-entitlement
POST /v2025/ears-source-app-access-profiles-bulk-remove
GET /v2025/ears-source-app-access-profiles
POST /v2025/ears-source-app-bulk-update
GET /v2025/ears-source-app
DELETE /v2025/ears-source-app
PATCH /v2025/ears-source-app
GET /v2025/ears-source-apps-all
GET /v2025/ears-source-apps-assigned
GET /v2025/ears-source-apps
POST /v2025/ears-source-apps
GET /v2025/ears-user-app-available-accounts
PATCH /v2025/ears-user-app
GET /v2025/ears-user-apps-all
GET /v2025/ears-user-apps
POST /v2025/entitlement-access-model-metadata
DELETE /v2025/entitlement-access-model-metadata
GET /v2025/entitlement-request-config
PUT /v2025/entitlement-request-config
POST /v2025/entitlement
GET /v2025/entitlements
POST /v2025/featurestore-api-feature-values
POST /v2025/form-definition-data-source
GET /v2025/form-definition-file
POST /v2025/form-definition-files
POST /v2025/form-definition-forms-action-dynamic-schema
GET /v2025/form-definition
DELETE /v2025/form-definition
PATCH /v2025/form-definition
GET /v2025/form-definitions-export
POST /v2025/form-definitions-import
GET /v2025/form-definitions-predefined-select-options
POST /v2025/form-definitions-template
GET /v2025/form-definitions
POST /v2025/form-definitions
GET /v2025/form-instance-data-source
GET /v2025/form-instance-file
GET /v2025/form-instance
PATCH /v2025/form-instance
GET /v2025/form-instances
POST /v2025/form-instances
GET /v2025/historical-identities
GET /v2025/historical-identity-access-items
GET /v2025/historical-identity-events
GET /v2025/historical-identity
PUT /v2025/icon
DELETE /v2025/icon
POST /v2025/identities-accounts-disable
POST /v2025/identities-accounts-enable
POST /v2025/identities-process
GET /v2025/identities-role-assignment
GET /v2025/identities-role-assignments
GET /v2025/identities
POST /v2025/identity-accounts-id-disable
POST /v2025/identity-accounts-id-enable
GET /v2025/identity-attribute
PUT /v2025/identity-attribute
DELETE /v2025/identity-attribute
DELETE /v2025/identity-attributes-bulk-delete
GET /v2025/identity-attributes
POST /v2025/identity-attributes
GET /v2025/identity-certification
GET /v2025/identity-certifications-access-review-items
GET /v2025/identity-certifications-access-summaries
POST /v2025/identity-certifications-decide
GET /v2025/identity-certifications-decision-summary
GET /v2025/identity-certifications-identity-summaries
GET /v2025/identity-certifications-identity-summary
GET /v2025/identity-certifications-item-permissions
POST /v2025/identity-certifications-reassign-async
POST /v2025/identity-certifications-sign-off
GET /v2025/identity-ownership
PATCH /v2025/identity-patch
GET /v2025/identity-profile-default-config
GET /v2025/identity-profile-lifecycle-state
POST /v2025/identity-profile-process-identities
DELETE /v2025/identity-profile
PATCH /v2025/identity-profile
POST /v2025/identity-profiles-bulk-delete
GET /v2025/identity-profiles-export
DELETE /v2025/identity-profiles-id
PATCH /v2025/identity-profiles-id
POST /v2025/identity-profiles-identity-preview
POST /v2025/identity-profiles-import
POST /v2025/identity-profiles
POST /v2025/identity-reset
POST /v2025/identity-set-lifecycle-state
GET /v2025/identity
DELETE /v2025/identity
POST /v2025/launcher-launch
GET /v2025/launcher
PUT /v2025/launcher
DELETE /v2025/launcher
GET /v2025/launchers
POST /v2025/launchers
POST /v2025/load-accounts
POST /v2025/load-entitlements-by-sources
POST /v2025/load-entitlements
POST /v2025/load-uncorrelated-accounts
POST /v2025/machine-account-classify
GET /v2025/machine-account-mapping
POST /v2025/machine-account-mapping
DELETE /v2025/machine-account-mapping
GET /v2025/machine-account
PATCH /v2025/machine-account
GET /v2025/machine-accounts
GET /v2025/machine-classification-config
PUT /v2025/machine-classification-config
DELETE /v2025/machine-classification-config
GET /v2025/machine-identities
POST /v2025/machine-identities
GET /v2025/machine-identity
DELETE /v2025/machine-identity
PATCH /v2025/machine-identity
PUT /v2025/machine-mappings
GET /v2025/mail-from-attribute
PUT /v2025/mail-from-attributes
GET /v2025/managed-client-health-indicators
GET /v2025/managed-client-status
GET /v2025/managed-client
DELETE /v2025/managed-client
PATCH /v2025/managed-client
POST /v2025/managed-clients-certificate
POST /v2025/managed-clients-credentials
GET /v2025/managed-clients-get-encryption-keys
GET /v2025/managed-clients-metrics-credentials
GET /v2025/managed-clients-path
DELETE /v2025/managed-clients-path
PATCH /v2025/managed-clients-path
POST /v2025/managed-clients-provision
POST /v2025/managed-clients-submit-activation-code
GET /v2025/managed-clients
POST /v2025/managed-clients
DELETE /v2025/managed-cluster-cache
GET /v2025/managed-cluster-jobs
GET /v2025/managed-cluster-log-config
PUT /v2025/managed-cluster-log-config
POST /v2025/managed-cluster-manualUpgrade
GET /v2025/managed-cluster-path-full
DELETE /v2025/managed-cluster-path-full
PATCH /v2025/managed-cluster-path-full
DELETE /v2025/managed-cluster-path-internal
PATCH /v2025/managed-cluster-path-internal
GET /v2025/managed-cluster-path
GET /v2025/managed-cluster-processes
POST /v2025/managed-cluster-reboot
GET /v2025/managed-cluster-status
GET /v2025/managed-cluster-types-path
DELETE /v2025/managed-cluster-types-path
PATCH /v2025/managed-cluster-types-path
GET /v2025/managed-cluster-types
POST /v2025/managed-cluster-types
POST /v2025/managed-cluster-upgrade
GET /v2025/managed-cluster
DELETE /v2025/managed-cluster
PATCH /v2025/managed-cluster
POST /v2025/managed-clusters-create
GET /v2025/managed-clusters-full
POST /v2025/managed-clusters-full
POST /v2025/managed-clusters-set-encryption-keys
GET /v2025/managed-clusters
POST /v2025/managed-clusters
GET /v2025/managed-processes-path
DELETE /v2025/managed-processes-path
PATCH /v2025/managed-processes-path
GET /v2025/managed-processes
POST /v2025/managed-processes
GET /v2025/manual-discover-applications-template
POST /v2025/manual-discover-applications
GET /v2025/message-catalog
DELETE /v2025/mfa-config-delete
GET /v2025/mfa-config-test
GET /v2025/mfa-duo-config
PUT /v2025/mfa-duo-config
POST /v2025/mfa-duo-verify
POST /v2025/mfa-kba-authenticate
POST /v2025/mfa-kba-config-answers
GET /v2025/mfa-kba-config
GET /v2025/mfa-okta-config
PUT /v2025/mfa-okta-config
POST /v2025/mfa-okta-verify
POST /v2025/mfa-poll
POST /v2025/mfa-token-authenticate
POST /v2025/mfa-token-send
GET /v2025/multi-host-integration-get-acct-agg-groups
GET /v2025/multi-host-integration-get-entitlement-agg-groups
GET /v2025/multi-host-integration-list-sources
GET /v2025/multi-host-integration-sources-creation-error
GET /v2025/multi-host-integration-test-connection-source
POST /v2025/multi-host-integration-test-connection
GET /v2025/multi-host-integration-types
GET /v2025/multi-host-integration
POST /v2025/multi-host-integration
GET /v2025/multi-host-integrations
POST /v2025/multi-host-integrations
DELETE /v2025/multi-host-integrations
PATCH /v2025/multi-host-integrations
GET /v2025/native-change-detection-config
PUT /v2025/native-change-detection-config
GET /v2025/non-employee-approval-list
GET /v2025/non-employee-approval-summary
GET /v2025/non-employee-approve-get
POST /v2025/non-employee-approve-request
PUT /v2025/non-employee-record
PATCH /v2025/non-employee-record
GET /v2025/non-employee-records
POST /v2025/non-employee-reject-request
GET /v2025/non-employee-request-summary-get
GET /v2025/non-employee-request
GET /v2025/non-employee-requests
POST /v2025/non-employee-requests
GET /v2025/non-employee-source
POST /v2025/non-employee-sources-bulk-upload-non-employees
GET /v2025/non-employee-sources-schema-attribute
GET /v2025/non-employee-sources-schema-attributes
GET /v2025/non-employee-sources
POST /v2025/non-employee-sources
GET /v2025/notification-preference
PUT /v2025/notification-preference
GET /v2025/notification-preferences
GET /v2025/notification-template-context
GET /v2025/notification-template-defaults
POST /v2025/notification-templates-bulk-delete
GET /v2025/notification-templates
POST /v2025/notification-templates
GET /v2025/oauth-client
DELETE /v2025/oauth-client
PATCH /v2025/oauth-client
GET /v2025/oauth-clients
POST /v2025/oauth-clients
GET /v2025/org-config-valid-time-zones
GET /v2025/org-config
PATCH /v2025/org-config
GET /v2025/password-dictionary
PUT /v2025/password-dictionary
GET /v2025/password-org-config
POST /v2025/password-org-config
PUT /v2025/password-org-config
GET /v2025/password-policies
POST /v2025/password-policies
GET /v2025/password-policy
PUT /v2025/password-policy
DELETE /v2025/password-policy
POST /v2025/password-reset-digit-token
GET /v2025/password-sync-group
PUT /v2025/password-sync-group
DELETE /v2025/password-sync-group
GET /v2025/password-sync-groups
POST /v2025/password-sync-groups
GET /v2025/peer-group-strategies
GET /v2025/pending-access-request-approvals
DELETE /v2025/personal-access-token
PATCH /v2025/personal-access-token
GET /v2025/personal-access-tokens
POST /v2025/personal-access-tokens
POST /v2025/provisioning-policies
GET /v2025/public-identities-config
PUT /v2025/public-identities-config
GET /v2025/public-identities
DELETE /v2025/reassignment-configuration-config-type
GET /v2025/reassignment-configuration-evaluate
GET /v2025/reassignment-configuration-types
GET /v2025/reassignment-configuration
PUT /v2025/reassignment-configuration
GET /v2025/reassignment-configurations
POST /v2025/reassignment-configurations
GET /v2025/recommendations-config
PUT /v2025/recommendations-config
POST /v2025/recommendations-request
POST /v2025/remove-account
POST /v2025/remove-accounts
POST /v2025/reports-cancel
GET /v2025/reports-get-file
GET /v2025/reports-result
GET /v2025/requestable-object-list
POST /v2025/reset-entitlements
GET /v2025/revocable-objects
GET /v2025/role-access-profiles
GET /v2025/role-assigned-identities
POST /v2025/role-bulk-delete
GET /v2025/role-mining-potential-role-entitlement-popularities
GET /v2025/role-mining-potential-role-source-identity-usage
GET /v2025/role-mining-potential-role-summaries
GET /v2025/role-mining-potential-role
PATCH /v2025/role-mining-potential-role
GET /v2025/role-mining-potential-roles-draft
GET /v2025/role-mining-session-potential-role-applications
GET /v2025/role-mining-session-potential-role-entitlements
GET /v2025/role
DELETE /v2025/role
PATCH /v2025/role
GET /v2025/roles-by-identity
GET /v2025/roles
POST /v2025/roles
GET /v2025/s3-proxy
GET /v2025/saved-searches
POST /v2025/saved-searches
GET /v2025/schemas
POST /v2025/schemas
POST /v2025/search-aggregate
POST /v2025/search-count
GET /v2025/searchAttributeConfig-get-patch-delete
DELETE /v2025/searchAttributeConfig-get-patch-delete
PATCH /v2025/searchAttributeConfig-get-patch-delete
GET /v2025/searchAttributeConfig
POST /v2025/searchAttributeConfig
GET /v2025/service-desk-integration-configuration
PUT /v2025/service-desk-integration-configuration
GET /v2025/service-desk-integration-template
GET /v2025/service-desk-integration-types
GET /v2025/service-desk-integration
PUT /v2025/service-desk-integration
DELETE /v2025/service-desk-integration
PATCH /v2025/service-desk-integration
GET /v2025/service-desk-integrations
POST /v2025/service-desk-integrations
PATCH /v2025/sim-integrations-before-provisioning-rule
GET /v2025/sim-integrations-value-list
POST /v2025/sim-integrations-value-list
GET /v2025/sim-integrations
PUT /v2025/sim-integrations
DELETE /v2025/sim-integrations
PATCH /v2025/sim-integrations
POST /v2025/sod-all-report-run
GET /v2025/sod-all-report-status
GET /v2025/sod-download-custom-report
GET /v2025/sod-download-default-report
GET /v2025/sod-policies
POST /v2025/sod-policies
POST /v2025/sod-policy-evaluate
GET /v2025/sod-policy
PUT /v2025/sod-policy
DELETE /v2025/sod-policy
PATCH /v2025/sod-policy
POST /v2025/sod-report-run
GET /v2025/sod-schedule
PUT /v2025/sod-schedule
DELETE /v2025/sod-schedule
GET /v2025/sod-violation-report-status
GET /v2025/sod-violation-report
POST /v2025/sod-violations-check
GET /v2025/source-accounts-schema
POST /v2025/source-accounts-schema
GET /v2025/source-connections
POST /v2025/source-connector-check-connection
POST /v2025/source-connector-initiate-extract
POST /v2025/source-connector-peek-resource-objects
POST /v2025/source-connector-ping-cluster
POST /v2025/source-connector-test-configuration
GET /v2025/source-connectors-source-config
GET /v2025/source-entitlements-schema
POST /v2025/source-entitlements-schema
GET /v2025/source-health
GET /v2025/source-machine-account-classify
POST /v2025/source-machine-account-classify
DELETE /v2025/source-machine-account-classify
GET /v2025/source-machine-account-subtype-id
GET /v2025/source-machine-account-subtype
DELETE /v2025/source-machine-account-subtype
PATCH /v2025/source-machine-account-subtype
GET /v2025/source-machine-account-subtypes
POST /v2025/source-machine-account-subtypes
GET /v2025/source-schedule
DELETE /v2025/source-schedule
PATCH /v2025/source-schedule
GET /v2025/source-schedules
POST /v2025/source-schedules
POST /v2025/source-synchronize-attributes
POST /v2025/source-upload-connector-file
GET /v2025/source-usage-status
GET /v2025/source-usages
GET /v2025/source
PUT /v2025/source
DELETE /v2025/source
PATCH /v2025/source
GET /v2025/sources-available
GET /v2025/sources-entitlement-request-config
PUT /v2025/sources-entitlement-request-config
PATCH /v2025/sources-policy-holders
POST /v2025/sources
GET /v2025/sp-config-export-download
GET /v2025/sp-config-export-status
POST /v2025/sp-config-export
GET /v2025/sp-config-import-download
GET /v2025/sp-config-import-status
POST /v2025/sp-config-import
GET /v2025/sp-config-objects
POST /v2025/suggested-entitlement-description-approvals
POST /v2025/suggested-entitlement-description-assignments
GET /v2025/suggested-entitlement-description-batches-stats
GET /v2025/suggested-entitlement-description-batches
POST /v2025/suggested-entitlement-description-batches
GET /v2025/suggested-entitlement-descriptions
PATCH /v2025/suggested-entitlement-descriptions
GET /v2025/system-accounts
GET /v2025/system-notification-config
PUT /v2025/system-notification-config
GET /v2025/tagged-object
PUT /v2025/tagged-object
DELETE /v2025/tagged-object
GET /v2025/tagged-objects-type
GET /v2025/tagged-objects
POST /v2025/tagged-objects
POST /v2025/tags-get-shared
GET /v2025/task-definition
PATCH /v2025/task-definition
GET /v2025/task-definitions
POST /v2025/task-execution-cancel
POST /v2025/task-execution-run
PATCH /v2025/task-status
GET /v2025/tenant-configuration
PUT /v2025/tenant-configuration
GET /v2025/tenant-context
PATCH /v2025/tenant-context
GET /v2025/tenant
GET /v2025/transform
PUT /v2025/transform
DELETE /v2025/transform
GET /v2025/transforms
POST /v2025/transforms
GET /v2025/trigger-invocations-status
POST /v2025/trigger-invocations-test
PUT /v2025/trigger-subscription
DELETE /v2025/trigger-subscription
PATCH /v2025/trigger-subscription
POST /v2025/trigger-subscriptions-internal
POST /v2025/trigger-subscriptions-validate-filter
GET /v2025/trigger-subscriptions
POST /v2025/trigger-subscriptions
GET /v2025/triggers
GET /v2025/vendor-connector-mappings
POST /v2025/vendor-connector-mappings
DELETE /v2025/vendor-connector-mappings
GET /v2025/verified-domains
POST /v2025/verified-domains
DELETE /v2025/configuration-hub/backup-id
GET /v2025/configuration-hub/backup-uploads-id
DELETE /v2025/configuration-hub/backup-uploads-id
GET /v2025/configuration-hub/backup-uploads
POST /v2025/configuration-hub/backup-uploads
GET /v2025/configuration-hub/backup
GET /v2025/configuration-hub/deploy-id
GET /v2025/configuration-hub/deploy
POST /v2025/configuration-hub/deploy
DELETE /v2025/configuration-hub/draft-id
GET /v2025/configuration-hub/draft
POST /v2025/configuration-hub/object-mapping-bulk-create
POST /v2025/configuration-hub/object-mapping-bulk-update
DELETE /v2025/configuration-hub/object-mapping-delete
GET /v2025/configuration-hub/object-mapping
POST /v2025/configuration-hub/object-mapping
DELETE /v2025/configuration-hub/scheduled-actions-id
PATCH /v2025/configuration-hub/scheduled-actions-id
GET /v2025/configuration-hub/scheduled-actions
POST /v2025/configuration-hub/scheduled-actions
GET /v2025/custom-user-levels/authorization-assignable-right-sets
POST /v2025/custom-user-levels/custom-user-levels-id-publish
GET /v2025/custom-user-levels/custom-user-levels-id
DELETE /v2025/custom-user-levels/custom-user-levels-id
PATCH /v2025/custom-user-levels/custom-user-levels-id
GET /v2025/custom-user-levels/custom-user-levels
POST /v2025/custom-user-levels/custom-user-levels
GET /v2025/role-access-model-metadata/role-bulk-update-status
POST /v2025/role-access-model-metadata/role-id-access-model-metadata
DELETE /v2025/role-access-model-metadata/role-id-access-model-metadata
GET /v2025/sod/arm-risk
POST /v2025/sod/predict-violations
GET /v2025/ui-metadata/tenant-ui-metadata
PUT /v2025/ui-metadata/tenant-ui-metadata
POST /v2025/workflows/workflow-execution-cancel
GET /v2025/workflows/workflow-execution-history-v2
GET /v2025/workflows/workflow-execution-history
GET /v2025/workflows/workflow-execution
GET /v2025/workflows/workflow-executions
POST /v2025/workflows/workflow-external-execute-test
POST /v2025/workflows/workflow-external-execute
POST /v2025/workflows/workflow-external-oauth-client
GET /v2025/workflows/workflow-library-actions
GET /v2025/workflows/workflow-library-operators
GET /v2025/workflows/workflow-library-triggers
GET /v2025/workflows/workflow-library
POST /v2025/workflows/workflow-test
GET /v2025/workflows/workflow
PUT /v2025/workflows/workflow
DELETE /v2025/workflows/workflow
PATCH /v2025/workflows/workflow
GET /v2025/workflows/workflows
POST /v2025/workflows/workflows
POST /v2025/workgroups/bulk-add-workgroup-members
GET /v2025/workgroups/connections
GET /v2025/workgroups/workgroup-members
POST /v2025/workgroups/workgroups-bulk-delete
GET /v2025/workgroups/workgroups
POST /v2025/workgroups/workgroups
POST /v2025/webhooks/access-request-decision
POST /v2025/webhooks/access-request-dynamic-approval
POST /v2025/webhooks/access-request-submitted
POST /v2025/webhooks/account-aggregation-completed
POST /v2025/webhooks/campaign-activated
POST /v2025/webhooks/campaign-ended
POST /v2025/webhooks/campaign-generated
POST /v2025/webhooks/certification-signed-off
POST /v2025/webhooks/form-submitted
POST /v2025/webhooks/identity-attributes-changed
POST /v2025/webhooks/identity-created
POST /v2025/webhooks/identity-deleted
POST /v2025/webhooks/native-change-account-created
POST /v2025/webhooks/native-change-account-deleted
POST /v2025/webhooks/native-change-account-updated
POST /v2025/webhooks/outlier-detected
POST /v2025/webhooks/provisioning-completed
POST /v2025/webhooks/scheduled-search
POST /v2025/webhooks/source-account-created
POST /v2025/webhooks/source-account-deleted
POST /v2025/webhooks/source-account-updated
POST /v2025/webhooks/source-created
POST /v2025/webhooks/source-deleted
POST /v2025/webhooks/source-updated
POST /v2025/webhooks/va-cluster-status-change
/v3 endpoints
GET /v3/access-request-approval-summary
POST /v3/access-request-cancel
POST /v3/access-request-close
GET /v3/access-request-config
PUT /v3/access-request-config
GET /v3/access-request-status
POST /v3/access-requests
GET /v3/account-usages
GET /v3/account
PUT /v3/account
DELETE /v3/account
PATCH /v3/account
POST /v3/accounts-id-disable
POST /v3/accounts-id-enable
GET /v3/accounts-id-entitlements
POST /v3/accounts-id-reload
POST /v3/accounts-id-unlock
GET /v3/accounts
POST /v3/accounts
POST /v3/approve-access-request-approval
GET /v3/auth-org-lockout-config
PATCH /v3/auth-org-lockout-config
GET /v3/auth-org-network-config
POST /v3/auth-org-network-config
PATCH /v3/auth-org-network-config
GET /v3/auth-org-service-provider-config
PATCH /v3/auth-org-service-provider-config
GET /v3/auth-org-session-config
PATCH /v3/auth-org-session-config
GET /v3/auth-user
PATCH /v3/auth-user
POST /v3/campaign-activate
POST /v3/campaign-admin-cert-reassign
POST /v3/campaign-complete
GET /v3/campaign-filter
POST /v3/campaign-filter
POST /v3/campaign-filters-delete
GET /v3/campaign-filters
POST /v3/campaign-filters
GET /v3/campaign-reports-configuration
PUT /v3/campaign-reports-configuration
GET /v3/campaign-reports
POST /v3/campaign-run-remediation-scan
POST /v3/campaign-run-report
POST /v3/campaign-template-generate
GET /v3/campaign-template-schedule
PUT /v3/campaign-template-schedule
DELETE /v3/campaign-template-schedule
GET /v3/campaign-template
DELETE /v3/campaign-template
PATCH /v3/campaign-template
GET /v3/campaign-templates
POST /v3/campaign-templates
GET /v3/campaign
PATCH /v3/campaign
POST /v3/campaigns-delete
GET /v3/campaigns
POST /v3/campaigns
GET /v3/certification-task
GET /v3/certification-tasks
POST /v3/certifications-reassign-async
GET /v3/certifications-reviewers
GET /v3/completed-access-request-approvals
GET /v3/connector
DELETE /v3/connector
PATCH /v3/connector
GET /v3/connectors-correlation-config
PUT /v3/connectors-correlation-config
GET /v3/connectors-source-config
PUT /v3/connectors-source-config
GET /v3/connectors-source-template
PUT /v3/connectors-source-template
GET /v3/connectors-translations
PUT /v3/connectors-translations
GET /v3/connectors
POST /v3/connectors
GET /v3/correlation-config
PUT /v3/correlation-config
GET /v3/discovered-applications
GET /v3/identity-certification
GET /v3/identity-certifications-access-review-items
GET /v3/identity-certifications-access-summaries
POST /v3/identity-certifications-decide
GET /v3/identity-certifications-decision-summary
GET /v3/identity-certifications-identity-summaries
GET /v3/identity-certifications-identity-summary
GET /v3/identity-certifications-item-permissions
POST /v3/identity-certifications-sign-off
GET /v3/identity-profile-default-config
GET /v3/identity-profile-lifecycle-state
POST /v3/identity-profile-process-identities
DELETE /v3/identity-profile
PATCH /v3/identity-profile
POST /v3/identity-profiles-bulk-delete
GET /v3/identity-profiles-export
POST /v3/identity-profiles-identity-preview
POST /v3/identity-profiles-import
POST /v3/identity-profiles
POST /v3/identity-set-lifecycle-state
GET /v3/managed-client-status
GET /v3/managed-client
DELETE /v3/managed-client
PATCH /v3/managed-client
GET /v3/managed-clients
POST /v3/managed-clients
GET /v3/managed-cluster-log-config
PUT /v3/managed-cluster-log-config
GET /v3/managed-cluster
DELETE /v3/managed-cluster
PATCH /v3/managed-cluster
GET /v3/managed-clusters
POST /v3/managed-clusters
GET /v3/manual-discover-applications-template
POST /v3/manual-discover-applications
DELETE /v3/mfa-config-delete
GET /v3/mfa-config-test
GET /v3/mfa-duo-config
PUT /v3/mfa-duo-config
POST /v3/mfa-duo-verify
POST /v3/mfa-kba-authenticate
POST /v3/mfa-kba-config-answers
GET /v3/mfa-kba-config
GET /v3/mfa-okta-config
PUT /v3/mfa-okta-config
POST /v3/mfa-okta-verify
POST /v3/mfa-poll
POST /v3/mfa-token-authenticate
POST /v3/mfa-token-send
GET /v3/non-employee-approval-list
GET /v3/non-employee-approval-summary
GET /v3/non-employee-approve-get
POST /v3/non-employee-approve-request
PUT /v3/non-employee-record
PATCH /v3/non-employee-record
GET /v3/non-employee-records
POST /v3/non-employee-reject-request
GET /v3/non-employee-request-summary-get
GET /v3/non-employee-request
GET /v3/non-employee-requests
POST /v3/non-employee-requests
GET /v3/non-employee-source
POST /v3/non-employee-sources-bulk-upload-non-employees
GET /v3/non-employee-sources-schema-attribute
GET /v3/non-employee-sources-schema-attributes
GET /v3/non-employee-sources
POST /v3/non-employee-sources
GET /v3/oauth-client
DELETE /v3/oauth-client
PATCH /v3/oauth-client
GET /v3/oauth-clients
POST /v3/oauth-clients
GET /v3/password-dictionary
PUT /v3/password-dictionary
GET /v3/password-org-config
POST /v3/password-org-config
PUT /v3/password-org-config
GET /v3/password-policies
POST /v3/password-policies
GET /v3/password-policy
PUT /v3/password-policy
DELETE /v3/password-policy
GET /v3/password-sync-group
PUT /v3/password-sync-group
DELETE /v3/password-sync-group
GET /v3/password-sync-groups
POST /v3/password-sync-groups
GET /v3/pending-access-request-approvals
DELETE /v3/personal-access-token
PATCH /v3/personal-access-token
GET /v3/personal-access-tokens
POST /v3/personal-access-tokens
POST /v3/provisioning-policies
GET /v3/public-identities-config
PUT /v3/public-identities-config
GET /v3/public-identities
POST /v3/reports-cancel
GET /v3/reports-get-file
GET /v3/reports-result
GET /v3/requestable-object-list
GET /v3/role-assigned-identities
POST /v3/role-bulk-delete
GET /v3/role
DELETE /v3/role
PATCH /v3/role
GET /v3/roles
POST /v3/roles
GET /v3/saved-searches
POST /v3/saved-searches
GET /v3/schemas
POST /v3/schemas
POST /v3/search-aggregate
POST /v3/search-count
GET /v3/searchAttributeConfig-get-patch-delete
DELETE /v3/searchAttributeConfig-get-patch-delete
PATCH /v3/searchAttributeConfig-get-patch-delete
GET /v3/searchAttributeConfig
POST /v3/searchAttributeConfig
GET /v3/service-desk-integration-configuration
PUT /v3/service-desk-integration-configuration
GET /v3/service-desk-integration-template
GET /v3/service-desk-integration-types
GET /v3/service-desk-integration
PUT /v3/service-desk-integration
DELETE /v3/service-desk-integration
PATCH /v3/service-desk-integration
GET /v3/service-desk-integrations
POST /v3/service-desk-integrations
POST /v3/sod-all-report-run
GET /v3/sod-all-report-status
GET /v3/sod-download-custom-report
GET /v3/sod-download-default-report
GET /v3/sod-policies
POST /v3/sod-policies
POST /v3/sod-policy-evaluate
GET /v3/sod-policy
PUT /v3/sod-policy
DELETE /v3/sod-policy
PATCH /v3/sod-policy
POST /v3/sod-report-run
GET /v3/sod-schedule
PUT /v3/sod-schedule
DELETE /v3/sod-schedule
GET /v3/sod-violation-report-status
GET /v3/sod-violation-report
POST /v3/sod-violations-check
GET /v3/source-accounts-schema
POST /v3/source-accounts-schema
GET /v3/source-connections
GET /v3/source-entitlements-schema
POST /v3/source-entitlements-schema
GET /v3/source-health
POST /v3/source-upload-connector-file
GET /v3/source-usage-status
GET /v3/source-usages
GET /v3/source
PUT /v3/source
DELETE /v3/source
PATCH /v3/source
POST /v3/sources
GET /v3/tagged-object
PUT /v3/tagged-object
DELETE /v3/tagged-object
GET /v3/tagged-objects-type
GET /v3/tagged-objects
POST /v3/tagged-objects
GET /v3/transform
PUT /v3/transform
DELETE /v3/transform
GET /v3/transforms
POST /v3/transforms
GET /v3/vendor-connector-mappings
POST /v3/vendor-connector-mappings
DELETE /v3/vendor-connector-mappings
POST /v3/work-item-forward
GET /v3/configuration-hub/backup-uploads-id
DELETE /v3/configuration-hub/backup-uploads-id
GET /v3/configuration-hub/backup-uploads
POST /v3/configuration-hub/backup-uploads
POST /v3/configuration-hub/object-mapping-bulk-create
POST /v3/configuration-hub/object-mapping-bulk-update
DELETE /v3/configuration-hub/object-mapping-delete
GET /v3/configuration-hub/object-mapping
POST /v3/configuration-hub/object-mapping
POST /v3/workflows/workflow-execution-cancel
GET /v3/workflows/workflow-execution-history
GET /v3/workflows/workflow-execution
GET /v3/workflows/workflow-executions
POST /v3/workflows/workflow-external-execute-test
POST /v3/workflows/workflow-external-execute
POST /v3/workflows/workflow-external-oauth-client
GET /v3/workflows/workflow-library-actions
GET /v3/workflows/workflow-library-operators
GET /v3/workflows/workflow-library-triggers
GET /v3/workflows/workflow-library
POST /v3/workflows/workflow-test
GET /v3/workflows/workflow
PUT /v3/workflows/workflow
DELETE /v3/workflows/workflow
PATCH /v3/workflows/workflow
GET /v3/workflows/workflows
POST /v3/workflows/workflows
Anyone feel free to check my math… here’s the python script I used. You just download the API Specs from GitHub and point the script to wherever you save them
py .\get_userAuth_only_endpoints.py "C:\Temp\api-specs-main\api-specs-main\idn"
import os
import yaml
import sys
def load_yaml_file(filepath):
try:
with open(filepath, 'r', encoding='utf-8') as f:
return yaml.safe_load(f)
except Exception as e:
print(f"Failed to parse YAML file {filepath}: {e}")
return None
def infer_path_from_structure(file_path, root_dir):
relative_path = os.path.relpath(file_path, root_dir)
components = relative_path.split(os.sep)
cleaned = [os.path.splitext(c)[0] for c in components if c.lower() not in ['get', 'post', 'put', 'delete', 'patch']]
return '/' + '/'.join(cleaned)
def find_userAuth_only_endpoints(directory):
userauth_only_endpoints = []
total_endpoints = 0
for root, _, files in os.walk(directory):
for filename in files:
if filename.endswith(('.yaml', '.yml')):
file_path = os.path.join(root, filename)
data = load_yaml_file(file_path)
if not data:
continue
for method in ['get', 'post', 'put', 'delete', 'patch']:
if method in data:
total_endpoints += 1
method_obj = data[method]
security = method_obj.get('security')
if security:
all_schemes = set()
for scheme in security:
all_schemes.update(scheme.keys())
if 'userAuth' in all_schemes and 'applicationAuth' not in all_schemes:
path = data.get('path') or infer_path_from_structure(file_path, directory)
userauth_only_endpoints.append({
'path': path,
'method': method.upper(),
'file': os.path.relpath(file_path, directory)
})
return userauth_only_endpoints, total_endpoints
def main():
if len(sys.argv) < 2:
print("Usage: python get_userAuth_only_endpoints.py <directory>")
return
directory = sys.argv[1]
endpoints, total = find_userAuth_only_endpoints(directory)
if not endpoints:
print("No endpoints found that use only userAuth.")
else:
print(f"\nFound {len(endpoints)} endpoint(s) that use only userAuth:\n")
for e in endpoints:
print(f" {e['method']} {e['path']}")
print(f"\nTotal endpoints checked: {total}")
print(f"Endpoints using only userAuth: {len(endpoints)}")
if __name__ == "__main__":
main()
10 Likes
Thanks a lot for the input, @mcheek and @angelo_mekenkamp
However, Mark, your list seemed incredibly broad, so I wagered the documentation could be an issue rather than the API and did a very quick test.
GET /beta/accounts is on your list but does work for me with a token from an API Key. I would assume most GETs do not need a PAT (just an assumption! Could be wrong!), and on the other hand I can definitely see why Access request create, the 1st example you listed, would absolutely require a user context hence a PAT.
It seems a whole lot of clarification is needed from Sailpoint’s API documentation team, which Angelo apparently already pinged.
1 Like
My data is only as good as their data. If their specs aren’t an accurate representation of reality, then they should probably update them.
If someone is considering writing an integration and they see in the specs a particular endpoint isn’t supported by applicationAuth, they’re likely not going to try it because they take the published specs as accurate. Many of us know well enough to try anyway, but not everyone.
2 Likes
Great stuff @mcheek !
Now we need someone to call all these APIs with API credentials to see which ones give an unauthorised response 
. I guess parameters, body and such can be ignored as the auth check will be first anyway right? As long as you pass the method, base url+endpoint and access token you should get a clear response? Maybe content-type checks will run first though.
Not only that, but if the documentation says only user auth is supported and doesn’t mention app auth, many people won’t be comfortable putting into production a solution that uses application auth there even if it does currently work because if it’s not documented, it’s not officially supported and can stop working at any time.
2 Likes
Hello everyone!
TLDR:
I spent some time looking into all of our APIs across all versions and I’ve updated the documentation from the work I have done thus far. You can see the api spec diff here
The results running the same script Mark Cheek provided:
Total endpoints checked: 3144
Endpoints using only userAuth: 1602
Which is closer to 50%, this is still not what I would expect. I am continuing to work with individual engineering teams to determine whether or not their APIs should work with client credentials.
My method:
I took a look individually at the backend code of each endpoint to see what underlying security (right) is needed. Then I use a tool I made to determine what scope, the part that is documented and assignable via token, that right falls under.
We had some APIs documented with the right to call the endpoint and not the scope. This would be confusing as when you went to go create the token with scopes the right name documented wouldn’t be there. I’ve cleaned up nearly all of these and we are putting checks in place to make sure that only scopes are documented by our engineers writing the specs.
Finally we have the main question, what can be called via client credentials (applicationAuth). I was able to take the right and map that to the idn:api user level associated with client credentials to loop through and see what APIs are callable.
As I mentioned, I still have more work to do on this. I wanted to update the community with what I had found thus far.
Stay tuned!
7 Likes
That’s great! Thanks a lot for the work and the update.