Discrepancies IdentityNow APIs


Hi everyone!

I have noticed inconsistencies among the different IdentityNow APIs. I have created a list of discepancies between different IdentityNow APIs (see attachment). We would prefer to see consistent behaviour among these APIs for the following reasons:


IDN developers will be able to adopt/use new (or to them new) APIs easier if they behave in a similar way as the APIs they have already worked with. As example consider pagination. With parameters like offset, limit and count, we can easily export all transforms. If this pagination functionality is not taken over by objects such as workflows, we can’t retrieve them 5 at a time. We can’t use count to figure out how many workflows exists, and we would need to spend more time figuring out how to find this data.

Simplicity towards automation efforts

Scripts that use IdenityNow APIs can be simplified if APIs behave consistently. As example, if all references to identity objects are the same, we can simply call a method like identity.reference instead of having to call identity.reference_for_governance_group_patch and identity.reference_for_access_profile_patch

Decreases changes of bugs

If existing consistent behaviour is proven to be working, newer functionality can adopt the same conventions to have a bigger chance of having no bugs. In addition, automatic tests can be used by SailPoint to prove that the behaviour also works on the new functionality.

Discrepancies IdentityNow APIs.docx (406.1 KB)


Thank you for this detailed analysis. We will be reviewing this document over the coming months to help improve our APIs. If anyone has additional comments, we would love to hear them.

Some other discrepancies I have noticed:

Personal access tokens:
Doesn’t support count=true, offset and limit like almost all standard list objects do
Filtering on owner id is possible, but not supported in the standard way using the filters argument, but as a different parameter
There is no GET single PAT API.
Does not support filtering on name in the filters argument.

Does not offer the delete API (and bulk delete API) which the beta one does. Given that the other role APIs already have a v3 version, I suspect these ones might have been forgotten.

See the following post. It mainly does not support some task-id’s for well known API responses.

1 Like