We are having no luck in getting ‘list-identities’ method to work in the Python SDK - it returns error 403.
We have added the ‘list-entitlements’ method to the same python script and this works as expected.
The credentials we are using have scopes-all assigned and we are using the v2025 version in both cases. We have also tried the calls outside of the Paginator with the same results (works for list-entitlements, fails with 403 for list-identities).
Can anyone shine some light on what we are doing wrong?
Here is the sample code for your reference
from sailpoint.configuration import Configuration
from sailpoint.beta.api_client import ApiClient
from sailpoint.beta.api.identities_api import IdentitiesApi
from sailpoint.beta.api.accounts_api import AccountsApi
import pandas as pd
BATCH_SIZE = 250
def main():
configuration = Configuration()
results = []
with ApiClient(configuration) as api_client:
identities_api = IdentitiesApi(api_client)
accounts_api = AccountsApi(api_client)
offset = 0
print("🔍 Scanning identities...")
while True:
identities = identities_api.list_identities(
limit=BATCH_SIZE,
offset=offset
)
if not identities:
break
for identity in identities:
identity_id = identity.id
identity_name = identity.name
email = getattr(identity, "email_address", "")
lifecycle_obj = getattr(identity, "lifecycle_state", None)
lifecycle_state = getattr(lifecycle_obj, "state_name", "")
print("identity id" +identity_id);
offset += BATCH_SIZE
if name == “main”:
main()
I have stored client id, secret and base url in seperate file config.json within the same folder, and assigned scopes:all
Try the below code. It will get the list of identities and save it in a JSON file.
import json
from sailpoint.v2025.api.identities_api import IdentitiesApi
from sailpoint.v2025.api_client import ApiClient
from sailpoint.configuration import Configuration
configuration = Configuration()
with ApiClient(configuration) as api_client:
try:
results = IdentitiesApi(api_client).list_identities()
# Convert each identity to a dictionary
identities = [item.model_dump(by_alias=True) for item in results]
# Save to JSON file
with open("identities.json", "w", encoding="utf-8") as f:
json.dump(identities, f, indent=4, default=str)
print("✅ Identities saved to identities.json")
except Exception as e:
print("Exception when calling IdentitiesApi->list_identities: %s\n" % e)
If you are getting 403, it is possible that the token you are using is a client credential and not a PAT. The identities API expects a PAT token. Can you check on this? Also, the user to whom the PAT token belongs should have sufficient access
