WebService Create Account using Multiple Endpoints

venkateshk · August 2, 2023, 10:03pm

Hi Everyone,

I’m trying to create account in an application with entitlement request. The request is initially going to “Create Account” Operation which is executing successfully and giving unique id in response which need to be passed in the body of “Add Entitlement” Operation.

---- Response from Create Account Operation ----
{
    "Links": [],
    "RequestedObject": {
        "Id": 9999
    },
    "IsSuccessful": true,
    "ValidationMessages": []
}

I have tried passing “Add Entitlement” operation body in the below format and failing with 400 Bad Request error.

{
    "UserId": $response.Id$
    "GroupId": $plan.GroupId$
}

Does anybody have thoughts on how the response need to be passed between different operation types?

dheerajk27 · August 3, 2023, 3:14am

Hi @venkateshk,

Welcome to Sailpoint Developer Community.

Error code 400 Bad Request response status code indicates that the server cannot or will not process the request due to something that is perceived to be a client error (for example, malformed request syntax, invalid request message framing, or deceptive request routing).

Have you tried to add entitlement using postman with this body, if so can you please share request and response for the same?

Jarin_James · August 3, 2023, 4:49am

Hi @venkateshk

Welcome to SailPoint Development Community!!

I guess you will not get responses returned from Create Operation Type in Add Entitlement Type. You could look at the below options.

If you have a single endpoint which can create account and add entitlement. Use that endpoint. Fo using that you will have add the below attriute to true in application xml.

<entry key="createAccountWithEntReq">   
  <value> 
    <Boolean>true</Boolean> 
  </value> 
</entry>

The other option you can look at is configure an additional Endpoint for Add Entitlement. The first Endpoint will get the User Id and pass that vaue to the next Endpoint to add it to the group.
For Example: For an account Creation the following will happen.

Create Account Endpoint - Account Created
Add Entitlement Endpoint - Get User Id
Add Entitlement Endpoint - Add User to group

This option is useful for other scenarios where an existing user is raising request for entitlements.
When going with this approach you have make sure you do the response mapping for the first Add Entitlement Endpoint , something like below.

Only then you will be able to use it by using $response.id$. You can verify the body , response etc in the before rule for the second endpoint. The oldResponseMap will contain earlier response object and requestEndPoint will contain the information like header, body etc

venkateshk · August 3, 2023, 4:02pm

Hi @Jarin_James

Thanks for the suggestions.

I have different endpoints for each (Create Account and Add Entitlement).

Second option also doesn’t work for me as their is no endpoint to “GetUserId”. I just need to retrieve it from response of “Create Account” operation.

I tried the first option which you suggested enabling the entry key and creating 2 Create Account operations.

Below is the 1st create account operation response configuration, which is executing successfully.

The request is going to the second Create Operation, but the $response.Id$ is not being replaced.

I have enabled log in Before Ops rule and I see the oldResponseMap value is coming as null.

Jarin_James · August 3, 2023, 4:31pm

Hi @venkateshk

In this case the Root Path value should be $.RequestedObject . Try using this in root path. And also try to find what is being received in the second endpoint. You can use sysout statement to print oldResponseMap in the before rule for the second endpoint.

venkateshk · August 3, 2023, 5:44pm

Hi @Jarin_James,

Not sure why I modified the root path and posted. I was using the same root path which I used for my get all users $.[*].RequestedObject earlier and now I have updated to $.RequestedObject which should be the case and it is working now.

I can see oldResponseMap in the log and $.response.Id$ is also getting replaced with expected value.

Final solution for my issue is enabling below entry key and creating multiple create account operations.

<entry key="createAccountWithEntReq">   
  <value> 
    <Boolean>true</Boolean> 
  </value> 
</entry>

Thanks!
Venkat

Jarin_James · August 3, 2023, 6:25pm

@venkateshk

Good to know that the issue is resolved. Please mark the response which helped you as solution and close this thread. This will help others looking for solution.

rodriguezc · September 19, 2023, 2:50pm

Hello Jarin, I’m a bit confused,

Is this valid for IdentityNow as well? or only for IdentityIQ?

The Root Path should be $.RequestedObject in the second create operation or in the first one?

Thanks!

system · November 18, 2023, 2:50pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to add multiple entitlements to Create Account IIQ Discussion and Questions webservice-connector	6	813	July 19, 2023
Web Service how to store json response from create account http operation ISC Discussion and Questions webservice-connector , identity-security-cloud	7	102	April 23, 2024
WebService-Connector - Create Account Operation is not triggering ISC Discussion and Questions webservice-connector , apis , identity-security-cloud , provisioning	6	425	September 22, 2023
Create Account API Clarifications ISC Discussion and Questions apis , identity-security-cloud , accounts	14	411	December 10, 2023
Account selection for Entitlement based request on application with multiple accounts IIQ Discussion and Questions access-requests	1	524	July 19, 2023

WebService Create Account using Multiple Endpoints

Related Topics