How to provide read only access on SailPoint through API?

Which IIQ version are you inquiring about?

*8.3 P2

Share all details about your problem, including any error messages you may have received.

*I have a requirement to provide the API details of SailPoint IIQ, so that the project team can access those APIs and fetch the required data.

Hello @SivatejaG

Welcome to the community!

Please refer to the article below - this should help you.

IdentityIQ REST API Integration

Hello @SivatejaG

Welcome to the SailPoint Developer Community.
To provide read-only access, follow the steps below:

  1. Create an Identity in IIQ
    Create or select a dedicated identity (e.g., iiq_api_readuser)

  2. Assign a Read-Only Role or Capability
    To limit API access, you need to assign only read-only capabilities.

  3. Assign Capability to the Identity
    Edit the identity (iiq_api_readuser)
    Assign your custom capability (API_ReadOnly)

  4. Enable API Access for the User
    There are two common API modes in IIQ:

    a) REST APIs (/identityiq/rest/)
    Ensure that:
      - REST is enabled in WEB-INF/web.xml
      - The user has access to the endpoints you expect to use.

Hi Ashish,

Thank you for the reply. Can you also let me know how we can enable the API access for the user?

Hello @SivatejaG

Enable the REST API Servlet in web.xml
In your IdentityIQ installation directory, edit this file:

<IIQ_HOME>/WEB-INF/web.xml

Look for the REST servlet block. It should look like this:


<servlet>
  <servlet-name>rest</servlet-name>
  <servlet-class>sailpoint.rest.RestServlet</servlet-class>
</servlet>

<servlet-mapping>
  <servlet-name>rest</servlet-name>
  <url-pattern>/identityiq/rest/*</url-pattern>
</servlet-mapping>

Then redeploy the application (or restart the app server) to reflect changes.
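
One way to confirm that the REST servlet block described in the post above is actually active in a deployed web.xml (an added example, not part of the original post and not SailPoint's own code). The helper name `rest_servlet_status` and the namespaced `<web-app>` wrapper around the quoted block are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the servlet block quoted in the post, wrapped in a
# namespaced <web-app> root (assumed) the way deployed descriptors usually are.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <servlet>
    <servlet-name>rest</servlet-name>
    <servlet-class>sailpoint.rest.RestServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>rest</servlet-name>
    <url-pattern>/identityiq/rest/*</url-pattern>
  </servlet-mapping>
</web-app>"""

def _local(tag):
    """Strip an XML namespace: '{ns}servlet' -> 'servlet'."""
    return tag.rsplit("}", 1)[-1]

def _children(elem, name):
    return [c for c in elem if _local(c.tag) == name]

def _text(elem, name):
    found = _children(elem, name)
    return (found[0].text or "").strip() if found else ""

def rest_servlet_status(web_xml_text, servlet_name="rest"):  # hypothetical helper
    """Return (servlet class or None, [url patterns mapped to servlet_name])."""
    root = ET.fromstring(web_xml_text)
    declared, patterns = None, []
    for elem in root:  # commented-out blocks are dropped by the parser
        kind = _local(elem.tag)
        if kind == "servlet" and _text(elem, "servlet-name") == servlet_name:
            declared = _text(elem, "servlet-class")
        elif kind == "servlet-mapping" and _text(elem, "servlet-name") == servlet_name:
            patterns += [(p.text or "").strip() for p in _children(elem, "url-pattern")]
    return declared, patterns

if __name__ == "__main__":
    cls, pats = rest_servlet_status(SAMPLE_WEB_XML)
    if cls is None:
        print("REST servlet is not declared (missing or commented out)")
    elif not pats:
        print(f"{cls} is declared but has no servlet-mapping")
    else:
        print(f"{cls} is mapped to {', '.join(pats)}")
```

To check a real deployment, pass the contents of `<IIQ_HOME>/WEB-INF/web.xml` to the function instead of the sample string.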

The API access can be granted through the following capabilities. I doubt if you can control “read only” access to specific objects once these capabilities are granted.

SCIMExecutor (SCIM Executor)
WebServicesExecutor (WebServices Executor)

Post this activity, do we need to perform any changes in the Global Settings->API authentication?
