Create and validate access request through the API

The API will use the API token details of the caller to determine the requester. You can’t set this directly in the API. However, you could use the clientMetadata object in the body to create a custom attribute to track who the real requester is. For example:

POST https://{tenant}.api.identitynow.com/v3/access-requests

{
  "requestedFor": [
    "2c918084660f45d6016617daa9210584"
  ],
  "requestType": "GRANT_ACCESS",
  "requestedItems": [
    {
      "type": "ACCESS_PROFILE",
      "id": "2c9180835d2e5168015d32f890ca1581",
      "comment": "Requesting access profile for John Doe",
      "clientMetadata": {
        "requestedAppName": "test-app",
        "requestedAppId": "2c91808f7892918f0178b78da4a305a1"
      },
      "removeDate": "2020-07-11T21:23:15.000Z"
    }
  ],
  "clientMetadata": {
    "requesterId": "3c918084660f45d6016617daa9210585",
    "requesterName": "John Doe"
  }
}

When you go to look up the status of the request using the account activities endpoint, you can find your custom attributes in the clientMetadata property in the response body.
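The pattern above, as an added example that is not part of the original post or SailPoint's own code: it builds the request body with the real requester in clientMetadata, then resolves the requester from an account-activity record. Since clientMetadata is set by whoever holds the API token, the claim is accepted only when the token-derived caller is a known integration account. The `requesterIdentitySummary` field name, the service-account ID and the sample record are assumptions made for this example.

```python
import re

ID_RE = re.compile(r"^[0-9a-f]{32}$")  # shape of the IDs shown in the post

# Constructed value: ID of the integration account that owns the API token.
SERVICE_ID = "0123456789abcdef0123456789abcdef"

def build_access_request(requested_for, access_profile_id,
                         requester_id, requester_name, comment):
    """Body for POST /v3/access-requests with the real requester in clientMetadata."""
    for value in (requested_for, access_profile_id, requester_id):
        if not ID_RE.match(value):
            raise ValueError(f"unexpected id format: {value!r}")
    return {
        "requestedFor": [requested_for],
        "requestType": "GRANT_ACCESS",
        "requestedItems": [
            {"type": "ACCESS_PROFILE", "id": access_profile_id, "comment": comment}
        ],
        # Custom attributes: free-form and chosen by the caller, not verified by the API.
        "clientMetadata": {"requesterId": requester_id, "requesterName": requester_name},
    }

def attribute_requester(activity, trusted_callers):
    """Decide who asked for the access, given one account-activity record.

    The token-derived requester is authoritative. The clientMetadata claim is
    used only when that caller is in trusted_callers and the claim is well formed.
    """
    # Assumption: the record carries the token owner as requesterIdentitySummary.id.
    api_caller = (activity.get("requesterIdentitySummary") or {}).get("id")
    claimed = (activity.get("clientMetadata") or {}).get("requesterId")
    if claimed and api_caller in trusted_callers and ID_RE.match(claimed):
        return {"requester": claimed, "source": "clientMetadata", "apiCaller": api_caller}
    return {"requester": api_caller, "source": "token", "apiCaller": api_caller}

# Constructed sample record, trimmed to the fields this example reads.
SAMPLE_ACTIVITY = {
    "requesterIdentitySummary": {"id": SERVICE_ID, "name": "svc-access-portal"},
    "clientMetadata": {
        "requesterId": "3c918084660f45d6016617daa9210585",
        "requesterName": "John Doe",
    },
}

if __name__ == "__main__":
    print(attribute_requester(SAMPLE_ACTIVITY, {SERVICE_ID}))
```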