Listing Identities

dspencer_anaqua · October 1, 2025, 9:45pm

Greetings,

Just getting going with the ISC APIS, and running into an issue listing all of the Identities in our dev Tenant:

Given the following request ( Derived from Postman Request )

curl --location ‘https://[TENANT PORTION].api.identitynow-demo.com/v2025/identities?limit=250&offset=0’ \

--header ‘Accept: application/json’ \

--header ‘Authorization: ••••••’

Receiving the following response:

`"detailCode": "403 Forbidden",`

"trackingId": "0a3fe85b98ce4bff8eeb73397d502fb9",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
},
{
"locale": "und",
"localeOrigin": "REQUEST",
"text": "The server understood the request but refuses to authorize it."
}
],
"causes": []

In terms of our general setup, I am have an API Client with the following scopes defined:

idn:identity:read,sp:scopes:all,idn:identity:manage

We are able to pull retrieve Accounts, using the Accounts List endpoint, as well as getting detailed information, using the Account Details endpoint.

Looking for a little guidance on the proper request, or anything that we may be missing here.

markomanium · October 1, 2025, 10:19pm

Hello @dspencer_anaqua, Could you maybe check if Your case is related to this? API read scopes - 403 forbidden error - Identity Security Cloud (ISC) / ISC Discussion and Questions - SailPoint Developer Community

sita_ram · October 2, 2025, 4:37am

Switch to a Personal Access Token (PAT) instead:

Go to your profile → Preferences → Personal Access Tokens
Create a new PAT with the same scopes (idn:identity:read, idn:identity:manage, or just sp:scopes:all)
Make sure the user creating the PAT has ORG_ADMIN or appropriate user level permissions
Use the PAT’s client ID/secret to authenticate—it works exactly like client credentials but carries the user context

The difference:

Client credentials = no user context.
PAT = tied to the user who created it.

Many ISC APIs require that user context for authorization, which is why Accounts endpoints work but Identities doesn’t.

Hope this helps.

dspencer_anaqua · October 2, 2025, 1:04pm

@sita_ram Thank you for the clarification. I, had created the PAT previously, but must have gotten lost in the shuffle was I was coming up to speed on the platform. All is good now!

sita_ram · October 2, 2025, 1:49pm

Great! Please mark this as the solution so it can help other developers. Thanks.

system · December 1, 2025, 1:50pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
403 Forbidden error in API call ISC Discussion and Questions apis , identity-security-cloud	5	83	November 27, 2025
API read scopes - 403 forbidden error ISC Discussion and Questions apis , identity-security-cloud	7	3711	December 11, 2023
Problem with token creation ISC Discussion and Questions identity-security-cloud	4	110	June 7, 2025
API Scopes Not Working Broken Feature ISC Discussion and Questions apis , identity-security-cloud	12	393	August 31, 2024
API Authentication for service-desk-integrations ISC Discussion and Questions apis , identity-security-cloud	5	360	December 19, 2023

Listing Identities

Related topics