How to authenticate SailPoint IIQ Out-of-the-box APIs using OAuth 2.0 Client Credentials instead of Basic Auth

Which IIQ version are you inquiring about?

v8.3 p3

Please share any images or screenshots, if relevant.

Share all details about your problem, including any error messages you may have received.

We are using SailPoint SCIM APIs to pull information from a SailPoint instance. Recently a requirement has been added stating a need to change the API authentication type from Basic Auth to OAuth 2.0. While searching more on the community we came across the steps to generate the OAuth client credentials in SailPoint IdentityIQ and an API endpoint to generate the authorization access token using OAuth Client credentials.

While we have been able to create the Client Credentials in our SailPoint Instance, we are facing challenges in constructing the access token generation API call as we do not see any documentation for this API on SailPoint compass.

API: http://localhost:8080/identityiq/oauth2/token

Help appreciated with any type of information on the construction of this API including required headers, body data, params, etc.

Hey @tthakar,

It would be helpful if you could share more details or the HTTP response you get.

Here is an example of a working request:

Green(identityiq)
Black(secret)

Hi @abartkowski,

Actually we lack information about constructing this specific API, that is why this post was created.

Going further based on your suggestion I have tried building it similar in Postman (Auto-generated Curl code visible aside in screenshot).

But it looks like it ain’t working. (screen-snip added below)

Appreciate your help.

Amber (Client ID)
Blue (Client Secret)

Thank You in advance!

Hey @tthakar

Please check under settings for this request if the option with SSL is off.

Hello @abartkowski,

Yes it’s turned off.

Hey @abartkowski,

Well I changed the protocol from HTTPS to HTTP and the API call just worked.

BUT now it is a 400, not sure what’s wrong on the config as I tried to replicate what you suggested.
I’m still using No Auth as the Auth type.

Are you sure that your IdentityIQ instance is configured such that ‘identityiq’ follows ‘localhost:8080/’? A ‘Bad Request’ error does not sound good. :smiley:

Yes @abartkowski ! It is the correct path.
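The following is an added example, not part of the thread and not SailPoint's own code: a standard RFC 6749 client-credentials token request built against the endpoint from the question. It assumes the IIQ token endpoint accepts the client ID and secret in an HTTP Basic header with a form-encoded `grant_type`, which the thread does not confirm; the credential values used with it are constructed placeholders.

```python
import base64
import json
import urllib.error
import urllib.parse
import urllib.request

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def build_token_request(token_url, client_id, client_secret):
    """Build (but do not send) an RFC 6749 section 4.4 token request.
    Assumption: the IIQ endpoint follows the standard request shape."""
    parts = urllib.parse.urlsplit(token_url)
    # The secret travels in a header: allow cleartext HTTP only to loopback.
    if parts.scheme != "https" and parts.hostname not in LOOPBACK:
        raise ValueError("refusing to send client credentials over cleartext HTTP")
    # RFC 6749 section 2.3.1: form-encode id and secret, then Basic-encode "id:secret".
    pair = "%s:%s" % (urllib.parse.quote_plus(client_id),
                      urllib.parse.quote_plus(client_secret))
    basic = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    body = urllib.parse.urlencode({"grant_type": "client_credentials"}).encode("ascii")
    return urllib.request.Request(
        token_url, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def parse_token_response(raw):
    """Return the Authorization header value for subsequent API calls."""
    doc = json.loads(raw)
    if "error" in doc:  # RFC 6749 section 5.2 error body, sent with HTTP 400
        raise RuntimeError("token endpoint error: %s" % doc["error"])
    if str(doc.get("token_type", "")).lower() != "bearer":
        raise RuntimeError("unexpected token_type")
    return "Bearer " + doc["access_token"]

def fetch_bearer(token_url, client_id, client_secret):
    """Send the request; surface the error code from a 400 response body."""
    req = build_token_request(token_url, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return parse_token_response(resp.read())
    except urllib.error.HTTPError as err:
        return parse_token_response(err.read())
```

With a standards-compliant endpoint, a 400 response carries a JSON `error` field such as `invalid_client` or `unsupported_grant_type`, which shows which part of the request was rejected.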