Get Access Request Configuration

GET 
https://sailpoint.api.identitynow.com/beta/access-request-config

This endpoint returns the current access-request configuration.

Responses

200

Access Request Configuration Details.

application/json

Schema

Schema

approvalsMustBeExternalboolean
If this is true, approvals must be processed by an external system. Also, if this is true, it blocks Request Center access requests and returns an error for any user who isn't an org admin.
Default value: false
Example: true
autoApprovalEnabledboolean
If this is true and the requester and reviewer are the same, the request is automatically approved.
Default value: false
Example: true
reauthorizationEnabledboolean
If this is true, reauthorization will be enforced for appropriately configured access items. Enablement of this feature is currently in a limited state.
Default value: false
Example: true
requestOnBehalfOfConfig object
allowRequestOnBehalfOfAnyoneByAnyoneboolean
If this is true, anyone can request access for anyone.
Default value: false
Example: true
allowRequestOnBehalfOfEmployeeByManagerboolean
If this is true, a manager can request access for his or her direct reports.
Default value: false
Example: true
approvalReminderAndEscalationConfig object
daysUntilEscalationint32nullable
Number of days to wait before the first reminder. If no reminders are configured, then this is the number of days to wait before escalation.
Example: 0
daysBetweenRemindersint32nullable
Number of days to wait between reminder notifications.
Example: 0
maxRemindersint32nullable
Maximum number of reminder notification to send to the reviewer before approval escalation.
Possible values: >= 1
Example: 1
fallbackApproverRef objectnullable
typestring
The type can only be IDENTITY. This is read-only.
Example: IDENTITY
idstring
Identity ID.
Example: 5168015d32f890ca15812c9180835d2e
namestring
Identity's human-readable display name. This is read-only.
Example: Alison Ferguso
emailstring
Identity's email address. This is read-only.
Example: alison.ferguso@identitysoon.com
entitlementRequestConfig object
allowEntitlementRequestboolean
If this is true, entitlement requests are allowed.
Default value: false
Example: true
requestCommentsRequiredboolean
If this is true, comments are required to submit entitlement requests.
Default value: false
Example: false
deniedCommentsRequiredboolean
If this is true, comments are required to reject entitlement requests.
Default value: false
Example: false
grantRequestApprovalSchemesstringnullable
Approval schemes for granting entitlement request. This can be empty if no approval is needed. Multiple schemes must be comma-separated. The valid schemes are "entitlementOwner", "sourceOwner", "manager" and "workgroup:{id}". You can use multiple governance groups (workgroups).
Default value: sourceOwner
Example: entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584

Example (auto)

{
  "approvalsMustBeExternal": true,
  "autoApprovalEnabled": true,
  "reauthorizationEnabled": true,
  "requestOnBehalfOfConfig": {
    "allowRequestOnBehalfOfAnyoneByAnyone": true,
    "allowRequestOnBehalfOfEmployeeByManager": true
  },
  "approvalReminderAndEscalationConfig": {
    "daysUntilEscalation": 0,
    "daysBetweenReminders": 0,
    "maxReminders": 1,
    "fallbackApproverRef": {
      "type": "IDENTITY",
      "id": "5168015d32f890ca15812c9180835d2e",
      "name": "Alison Ferguso",
      "email": "alison.ferguso@identitysoon.com"
    }
  },
  "entitlementRequestConfig": {
    "allowEntitlementRequest": true,
    "requestCommentsRequired": false,
    "deniedCommentsRequired": false,
    "grantRequestApprovalSchemes": "entitlementOwner, sourceOwner, manager, workgroup:2c918084660f45d6016617daa9210584"
  }
}

400

Client Error - Returned if the request body is invalid.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

401

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

Schema

Schema

error
A message describing the error
Example: JWT validation failed: JWT is expired

Example (auto)

{
  "error": "JWT validation failed: JWT is expired"
}

403

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

403

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

429

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

Schema

Schema

message
A message describing the error
Example: Rate Limit Exceeded

Example (auto)

{
  "message": " Rate Limit Exceeded "
}

500

Internal Server Error - Returned if there is an unexpected error.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

500

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Authorization: oauth2

type: Personal Access Token
scopes: idn:access-request-config:read

• go
• powershell
  SailPoint SDK
• python
  SailPoint SDK
• csharp
• curl
• dart
• http
• java
• javascript
• kotlin
• c
• nodejs
• objective-c
• ocaml
• php
• r
• ruby
• rust
• shell
• swift

• NATIVE

Request Collapse all

Base URL

https://sailpoint.api.identitynow.com/beta

Auth

Bearer Token

ResponseClear

Click the Send API Request button above and see the response here!