WebService: best practices for building a database-driven REST API

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

8.4.

Share all details about your problem, including any error messages you may have received.

Hello Community :
What are the best practices for building a database-driven REST API that integrates with SailPoint IdentityIQ? Specifically:

  1. Is there a recommended framework or pattern (e.g., Maven, Spring, or plain web application) for SailPoint integration?
  2. Is the following endpoint structure and response format appropriate for SailPoint integration?
  • /aggregate for bulk user retrieval
  • /aggregate/{userId} for individual user retrieval
  • /aggregateGroups for group retrieval
  • Wrapping user data in a ‘trakkwsAccounts’ object
  • Wrapping group data in a ‘trakkwsGroups’ object
  1. Are these additional endpoints necessary for full SailPoint functionality?
  • /createService (POST) for user creation
  • /addEntitlementService (POST) for adding entitlements
  • /removeEntitlementService (POST) for removing entitlements
  • /remove/{userId} (DELETE) for user deletion
  1. Are there any official SailPoint documents or guides for building a custom Web Services connector?
2

If you are looking to develop REST api for fetch the data from IdentityIQ database, then you can either develop REST based custom web services or a plugin(although developing a plugin involves creating many other components).
There are certain REST apis provided by SailPoint but they may not cater to your entire needs, and for custom REST api here’s the documentation https://community.sailpoint.com/t5/Technical-White-Papers/IdentityIQ-REST-API-Integration/ta-p/76814#toc-hId-1258512663

3

I was asking the other way around, building the Rest API for a target application so sailpoint can consume the API.
Do we need to share any sailpoint jar files, or is there a structure we need to share them?

4

SailPoint jar files are not required for developing a REST api connecting to a target system. Once developed SailPoint can consume them.
There is no particular structure as such, it would be recommended if the API supports pagination, an attribute to represent if the account is enabled/disabled, basic/oauth2 authentication mechanism, get single account api, Create account/group functionality with appropriate response, delete if applicable., these are few which can be performed by SailPoint. You can refer WebService documentation too if you are looking for something specific Integrating SailPoint with Web Services

5

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.