Pending Access Request Approvals List
GEThttps://sailpoint.api.identitynow.com/beta/access-request-approvals/pending
This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info.
Request
Query Parameters
- ORG_ADMIN users can call this with any identity ID value.
- ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
- Non-ORG_ADMIN users can only specify me or pass their own identity ID value.
If present, the value returns only pending approvals for the specified identity.
Possible values: <= 250
Max number of results to return. See V3 API Standard Collection Parameters for more information.
250
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
0
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.
See V3 API Standard Collection Parameters for more information.
false
Filter results using the standard syntax described in V3 API Standard Collection Parameters
Filtering is supported for the following fields and operators:
id: eq, in
requestedFor.id: eq, in
modified: gt, lt, ge, le, eq, in
Sort results using the standard syntax described in V3 API Standard Collection Parameters
Sorting is supported for the following fields: created, modified
Responses
- 200
- 401
- 403
- 429
- 500
List of Pending Approvals.
- application/json
- Schema
- Example (auto)
Schema
- Array [
- ]
The approval id.
2c9180835d2e5168015d32f890ca1581
The name of the approval.
Pending approval name
When the approval was created.
2017-07-11T18:45:37.098Z
When the approval was modified last time.
2018-07-25T20:22:28.104Z
When the access-request was created.
2017-07-11T18:45:35.098Z
Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.
Possible values: [GRANT_ACCESS
, REVOKE_ACCESS
, null
]
GRANT_ACCESS
requester object
requestedFor object
owner object
requestedObject object
requesterComment object
previousReviewersComments object[]
forwardHistory object[]
When true the rejector has to provide comments when rejecting
false
true
Enum represents action that is being processed on an approval.
Possible values: [APPROVED
, REJECTED
, FORWARDED
]
APPROVED
The date the role or access profile or entitlement is no longer assigned to the specified identity.
2020-07-11T00:00:00Z
If true, then the request is to change the remove date or sunset date.
false
true
The remove date or sunset date that was assigned at the time of the request.
2020-07-11T00:00:00Z
sodViolationContext objectnullable
clientMetadata objectnullable
requestedAccounts object[]nullable
[
{
"id": "2c9180835d2e5168015d32f890ca1581",
"name": "Pending approval name",
"created": "2017-07-11T18:45:37.098Z",
"modified": "2018-07-25T20:22:28.104Z",
"requestCreated": "2017-07-11T18:45:35.098Z",
"requestType": "GRANT_ACCESS",
"requester": {
"type": "IDENTITY",
"id": "2c7180a46faadee4016fb4e018c20648",
"name": "William Wilson"
},
"requestedFor": {
"type": "IDENTITY",
"id": "2c4180a46faadee4016fb4e018c20626",
"name": "Robert Robinson"
},
"owner": {
"type": "IDENTITY",
"id": "2c9180a46faadee4016fb4e018c20639",
"name": "Support"
},
"requestedObject": {
"id": "2c938083633d259901633d25c68c00fa",
"name": "Object Name",
"description": "Object Description",
"type": "ROLE"
},
"requesterComment": {
"comment": "This is a comment.",
"created": "2017-07-11T18:45:37.098Z",
"author": {
"type": "IDENTITY",
"id": "2c9180847e25f377017e2ae8cae4650b",
"name": "john.doe"
}
},
"previousReviewersComments": [
{
"comment": "This is a comment.",
"created": "2017-07-11T18:45:37.098Z",
"author": {
"type": "IDENTITY",
"id": "2c9180847e25f377017e2ae8cae4650b",
"name": "john.doe"
}
}
],
"forwardHistory": [
{
"oldApproverName": "Frank Mir",
"newApproverName": "Al Volta",
"comment": "Forwarding from Frank to Al",
"modified": "2019-08-23T18:52:57.398Z",
"forwarderName": "William Wilson",
"reassignmentType": "AUTOMATIC_REASSIGNMENT"
}
],
"commentRequiredWhenRejected": true,
"actionInProcess": "APPROVED",
"removeDate": "2020-07-11T00:00:00Z",
"removeDateUpdateRequested": true,
"currentRemoveDate": "2020-07-11T00:00:00Z",
"sodViolationContext": {
"state": "SUCCESS",
"uuid": "f73d16e9-a038-46c5-b217-1246e15fdbdd",
"violationCheckResult": {
"message": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An error has occurred during the SOD violation check"
}
],
"clientMetadata": {
"requestedAppName": "test-app",
"requestedAppId": "2c91808f7892918f0178b78da4a305a1"
},
"violationContexts": [
{
"policy": {
"type": "SOD_POLICY",
"id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"name": "Business SOD Policy"
},
"conflictingAccessCriteria": {
"leftCriteria": {
"criteriaList": [
{
"existing": true,
"type": "ENTITLEMENT",
"id": "2c918085771e9d3301773b3cb66f6398",
"name": "My HR Entitlement"
}
]
},
"rightCriteria": {
"criteriaList": [
{
"existing": true,
"type": "ENTITLEMENT",
"id": "2c918085771e9d3301773b3cb66f6398",
"name": "My HR Entitlement"
}
]
}
}
}
],
"violatedPolicies": [
{
"type": "SOD_POLICY",
"id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
"name": "Business SOD Policy"
}
]
}
},
"clientMetadata": {
"customKey1": "custom value 1",
"customKey2": "custom value 2"
},
"requestedAccounts": [
{
"name": "Glen.067da3248e914",
"type": "ACCOUNT",
"accountUuid": "{fab7119e-004f-4822-9c33-b8d570d6c6a6}",
"accountId": "CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local",
"sourceName": "Multi Account AD source name"
}
]
}
]
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (auto)
Schema
A message describing the error
JWT validation failed: JWT is expired
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (auto)
- 403
Schema
Fine-grained error code providing more detail of the error.
400.1 Bad Request Content
Unique tracking id for the error.
e7eab60924f64aa284175b9fa3309599
messages object[]
causes object[]
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (auto)
Schema
A message describing the error
Rate Limit Exceeded
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (auto)
- 500
Schema
Fine-grained error code providing more detail of the error.
400.1 Bad Request Content
Unique tracking id for the error.
e7eab60924f64aa284175b9fa3309599
messages object[]
causes object[]
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}
Authorization: oauth2
type: Personal Access Tokenscopes: sp:scopes:all
- go
- powershellSailPoint SDK
- pythonSailPoint SDK
- csharp
- curl
- dart
- http
- java
- javascript
- kotlin
- c
- nodejs
- objective-c
- ocaml
- php
- r
- ruby
- rust
- shell
- swift
- NATIVE
package main
import (
"fmt"
"net/http"
"io"
)
func main() {
url := "https://sailpoint.api.identitynow.com/beta/access-request-approvals/pending"
method := "GET"
client := &http.Client {
}
req, err := http.NewRequest(method, url, nil)
if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Accept", "application/json")
req.Header.Add("Authorization", "Bearer <TOKEN>")
res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()
body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}