Extending identityAttribute

Hi All

When performing a get for the identityAttribue’s in postman, it returns an error of 403 forbidden. Is there another api url I should be using?

GET /cc/api/identityAttribute/list

Regards

Graeme

1 Like

Hey Graeme,

Seems like you have an authentication issue.

Note that this is a version 1 based endpoint API, considered a ‘private’ API. There is currently not a V3 equivalent endpoint( you would see this via SailPoint - SaaS API or SailPoint - Beta SaaS API )
if you want to list all identity attributes using the v1 endpoint, indeed you can use this GET call:

curl --location --request GET 'https://orgname-sb.api.identitynow.com/cc/api/identityAttribute/list' \
--header 'Authorization: Bearer REDACTED'

Please do have a look at articles shared below on working with the IdentityNow API and the authentication options required.

Kind Regards,

Omar Khote , CISSP

3 Likes

Hi Omar,

it seems we have authenticated successfully because we make other api calls. like fetching identities.

We only get the below error when using that specific url.

403 Forbidden

The request was a legal request, but the server is refusing to respond to it. Unlike a 401 Unauthorized respone, authenticating will make no difference.

when using the private APIs remove the ‘.api’ from the url:
<your_org>.identitynow.com instead of <your_org>.api.identitynow.com

@dgomez - That is not correct. All API calls have to go through the SailPoint API gateway (*.api.identitynow.com) these days.

@graeme.jury1 - Make sure that you have a valid JWT token issued from the OAuth 2.0 endpoint in our SailPoint API gateway (*.api.identitynow.com). If you get stuck, drop the token here, and we can show you a neat trick for troubleshooting this.

Hi Neil

I thought I had the token issue sorted as I can list and create transform’s.

Here is the token im using:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRfaWQiOiI1MDQ0ZTgyNi1jN2Y4LTQ0NWUtYWUyMi1lNWQ3NGQxNzhiZDIiLCJpbnRlcm5hbCI6ZmFsc2UsInBvZCI6InN0ZzAxLWV1Y2VudHJhbDEiLCJvcmciOiJ0aWdlcmJyYW5kcy1zYiIsImF1dGhvcml0aWVzIjpbIkFQSSJdLCJlbmFibGVkIjp0cnVlLCJjbGllbnRfaWQiOiI3M2NkNDZiNC0xOTJlLTQ0MGYtYTMwYS0zZDZjZDZiZTAxYWYiLCJhY2Nlc3NUeXBlIjoiT0ZGTElORSIsInN0cm9uZ19hdXRoX3N1cHBvcnRlZCI6ZmFsc2UsImNsYWltc19zdXBwb3J0ZWQiOmZhbHNlLCJzY29wZSI6WyJCZz09Il0sImV4cCI6MTYyNzM3NDIxMiwianRpIjoiOGxldkZYQzZFSC84c2JYSWNOcEw1ajFZQzBVPSJ9.PzxUZb6yUiScb9GwOC51YM3eP8pk-rdqNfxr8o06Ik0

Regards

Graeme Jury

Hey @graeme.jury1,

just following up here, I did also notice there is a question mark appended to the end of your URL in the GET request in the screenshot (although this would not be the root issue). However as @neil.mcglennon has mentioned this is likely a token issue.

Please confirm how the token was generated?

Please see Authentication | Sailpoint API References for some further tips on troubleshooting.

At the time of writing this post and having tested again, the API call works fine using :

curl --location --request GET 'https://orgname-sb.api.identitynow.com/cc/api/identityAttribute/list' \
--header 'Authorization: Bearer REDACTED'

if trying to retrieve a single identity attribute the API call would be :

curl --location --request GET '{{api-url}}/cc/api/identityAttribute/get?name=firstname' \
--header 'Authorization: Bearer REDACTED' \

It may be that your POSTMAN client has a setup here such as a proxy configuration, or similar that could cause the issue.