WebService Create Account using Multiple Endpoints

Hi Everyone,

I’m trying to create account in an application with entitlement request. The request is initially going to “Create Account” Operation which is executing successfully and giving unique id in response which need to be passed in the body of “Add Entitlement” Operation.

---- Response from Create Account Operation ----
    "Links": [],
    "RequestedObject": {
        "Id": 9999
    "IsSuccessful": true,
    "ValidationMessages": []

I have tried passing “Add Entitlement” operation body in the below format and failing with 400 Bad Request error.

    "UserId": $response.Id$
    "GroupId": $plan.GroupId$

Does anybody have thoughts on how the response need to be passed between different operation types?

Hi @venkateshk,

Welcome to Sailpoint Developer Community.

Error code 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (for example, malformed request syntax, invalid request message framing, or deceptive request routing).

Have you tried to add entitlement using postman with this body, if so can you please share request and response for the same?

Hi @venkateshk

Welcome to SailPoint Development Community!!

I guess you will not get responses returned from Create Operation Type in Add Entitlement Type. You could look at the below options.

  • If you have a single endpoint which can create account and add entitlement. Use that endpoint. Fo using that you will have add the below attriute to true in application xml.
<entry key="createAccountWithEntReq">   

The other option you can look at is configure an additional Endpoint for Add Entitlement. The first Endpoint will get the User Id and pass that vaue to the next Endpoint to add it to the group.
For Example: For an account Creation the following will happen.

  1. Create Account Endpoint - Account Created
  2. Add Entitlement Endpoint - Get User Id
  3. Add Entitlement Endpoint - Add User to group

This option is useful for other scenarios where an existing user is raising request for entitlements.
When going with this approach you have make sure you do the response mapping for the first Add Entitlement Endpoint , something like below.

Only then you will be able to use it by using $response.id$. You can verify the body , response etc in the before rule for the second endpoint. The oldResponseMap will contain earlier response object and requestEndPoint will contain the information like header, body etc

1 Like

Hi @Jarin_James

Thanks for the suggestions.

I have different endpoints for each (Create Account and Add Entitlement).

Second option also doesn’t work for me as their is no endpoint to “GetUserId”. I just need to retrieve it from response of “Create Account” operation.

I tried the first option which you suggested enabling the entry key and creating 2 Create Account operations.

Below is the 1st create account operation response configuration, which is executing successfully.

The request is going to the second Create Operation, but the $response.Id$ is not being replaced.

I have enabled log in Before Ops rule and I see the oldResponseMap value is coming as null.

Hi @venkateshk

In this case the Root Path value should be $.RequestedObject . Try using this in root path. And also try to find what is being received in the second endpoint. You can use sysout statement to print oldResponseMap in the before rule for the second endpoint.

Hi @Jarin_James,

Not sure why I modified the root path and posted. I was using the same root path which I used for my get all users $.[*].RequestedObject earlier and now I have updated to $.RequestedObject which should be the case and it is working now.

I can see oldResponseMap in the log and $.response.Id$ is also getting replaced with expected value.

Final solution for my issue is enabling below entry key and creating multiple create account operations.

<entry key="createAccountWithEntReq">   



Good to know that the issue is resolved. Please mark the response which helped you as solution and close this thread. This will help others looking for solution.

Hello Jarin, I’m a bit confused,

Is this valid for IdentityNow as well? or only for IdentityIQ?

The Root Path should be $.RequestedObject in the second create operation or in the first one?


This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.