Skip to main content

Pending Access Request Approvals List

GET 

https://sailpoint.api.identitynow.com/beta/access-request-approvals/pending

This endpoint returns a list of pending approvals. See "owner-id" query parameter below for authorization info.

Request

Query Parameters

    owner-id string

    If present, the value returns only pending approvals for the specified identity.

    • ORG_ADMIN users can call this with any identity ID value.
    • ORG_ADMIN users can also fetch all the approvals in the org, when owner-id is not used.
    • Non-ORG_ADMIN users can only specify me or pass their own identity ID value.
    limit int32

    Possible values: <= 250

    Max number of results to return. See V3 API Standard Collection Parameters for more information.

    Default value: 250
    Example: 250
    offset int32

    Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

    Default value: 0
    Example: 0
    count boolean

    If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

    Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

    See V3 API Standard Collection Parameters for more information.

    Default value: false
    Example: true
    filters string

    Filter results using the standard syntax described in V3 API Standard Collection Parameters

    Filtering is supported for the following fields and operators:

    id: eq, in

    requestedFor.id: eq, in

    modified: gt, lt, ge, le, eq, in

    sorters comma-separated

    Sort results using the standard syntax described in V3 API Standard Collection Parameters

    Sorting is supported for the following fields: created, modified

Responses

List of Pending Approvals.

Schema
  • Array [
  • idstring

    The approval id.

    Example: 2c9180835d2e5168015d32f890ca1581
    namestring

    The name of the approval.

    Example: Pending approval name
    createddate-time

    When the approval was created.

    Example: 2017-07-11T18:45:37.098Z
    modifieddate-time

    When the approval was modified last time.

    Example: 2018-07-25T20:22:28.104Z
    requestCreateddate-time

    When the access-request was created.

    Example: 2017-07-11T18:45:35.098Z
    requestTypestringnullable

    Access request type. Defaults to GRANT_ACCESS. REVOKE_ACCESS type can only have a single Identity ID in the requestedFor field.

    Possible values: [GRANT_ACCESS, REVOKE_ACCESS, null]

    Example: GRANT_ACCESS
    requester object

    Access item requester's identity.

    typestring

    Access item requester's DTO type.

    Possible values: [IDENTITY]

    Example: IDENTITY
    idstring

    Access item requester's identity ID.

    Example: 2c7180a46faadee4016fb4e018c20648
    namestring

    Access item owner's human-readable display name.

    Example: William Wilson
    requestedFor object

    Identity the access item is requested for.

    typestring

    DTO type of identity the access item is requested for.

    Possible values: [IDENTITY]

    Example: IDENTITY
    idstring

    ID of identity the access item is requested for.

    Example: 2c4180a46faadee4016fb4e018c20626
    namestring

    Human-readable display name of identity the access item is requested for.

    Example: Robert Robinson
    owner object

    Access item owner's identity.

    typestring

    Access item owner's DTO type.

    Possible values: [IDENTITY]

    Example: IDENTITY
    idstring

    Access item owner's identity ID.

    Example: 2c9180a46faadee4016fb4e018c20639
    namestring

    Access item owner's human-readable display name.

    Example: Support
    requestedObject object
    idstring

    Id of the object.

    Example: 2c938083633d259901633d25c68c00fa
    namestring

    Name of the object.

    Example: Object Name
    descriptionstring

    Description of the object.

    Example: Object Description
    typestring

    Type of the object.

    Possible values: [ACCESS_PROFILE, ROLE, ENTITLEMENT]

    Example: ROLE
    requesterComment object
    commentstringnullable

    Comment content.

    Example: This is a comment.
    createddate-time

    Date and time comment was created.

    Example: 2017-07-11T18:45:37.098Z
    author object

    Author of the comment

    typestring

    The type of object

    Possible values: [IDENTITY]

    Example: IDENTITY
    idstring

    The unique ID of the object

    Example: 2c9180847e25f377017e2ae8cae4650b
    namestring

    The display name of the object

    Example: john.doe
    previousReviewersComments object[]

    The history of the previous reviewers comments.

  • Array [
  • commentstringnullable

    Comment content.

    Example: This is a comment.
    createddate-time

    Date and time comment was created.

    Example: 2017-07-11T18:45:37.098Z
    author object

    Author of the comment

    typestring

    The type of object

    Possible values: [IDENTITY]

    Example: IDENTITY
    idstring

    The unique ID of the object

    Example: 2c9180847e25f377017e2ae8cae4650b
    namestring

    The display name of the object

    Example: john.doe
  • ]
  • forwardHistory object[]

    The history of approval forward action.

  • Array [
  • oldApproverNamestring

    Display name of approver from whom the approval was forwarded.

    Example: Frank Mir
    newApproverNamestring

    Display name of approver to whom the approval was forwarded.

    Example: Al Volta
    commentstringnullable

    Comment made while forwarding.

    Example: Forwarding from Frank to Al
    modifieddate-time

    Time at which approval was forwarded.

    Example: 2019-08-23T18:52:57.398Z
    forwarderNamestringnullable

    Display name of forwarder who forwarded the approval.

    Example: William Wilson
    reassignmentTypestring

    The approval reassignment type.

    • MANUAL_REASSIGNMENT: An approval with this reassignment type has been specifically reassigned by the approval task's owner, from their queue to someone else's.
    • AUTOMATIC_REASSIGNMENT: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to that approver's reassignment configuration. The approver's reassignment configuration may be set up to automatically reassign approval tasks for a defined (or possibly open-ended) period of time.
    • AUTO_ESCALATION: An approval with this reassignment type has been automatically reassigned from another approver's queue, according to the request's escalation configuration. For more information about escalation configuration, refer to Setting Global Reminders and Escalation Policies.
    • SELF_REVIEW_DELEGATION: An approval with this reassignment type has been automatically reassigned by the system to prevent self-review. This helps prevent situations like a requester being tasked with approving their own request. For more information about preventing self-review, refer to Self-review Prevention and Preventing Self-approval.

    Possible values: [MANUAL_REASSIGNMENT, AUTOMATIC_REASSIGNMENT, AUTO_ESCALATION, SELF_REVIEW_DELEGATION]

    Example: AUTOMATIC_REASSIGNMENT
  • ]
  • commentRequiredWhenRejectedboolean

    When true the rejector has to provide comments when rejecting

    Default value: false
    Example: true
    actionInProcessstring

    Enum represents action that is being processed on an approval.

    Possible values: [APPROVED, REJECTED, FORWARDED]

    Example: APPROVED
    removeDatedate-time

    The date the role or access profile or entitlement is no longer assigned to the specified identity.

    Example: 2020-07-11T00:00:00Z
    removeDateUpdateRequestedboolean

    If true, then the request is to change the remove date or sunset date.

    Default value: false
    Example: true
    currentRemoveDatedate-time

    The remove date or sunset date that was assigned at the time of the request.

    Example: 2020-07-11T00:00:00Z
    sodViolationContext objectnullable

    An object referencing a completed SOD violation check

    statestring

    The status of SOD violation check

    Possible values: [SUCCESS, ERROR]

    Example: SUCCESS
    uuidstring

    The id of the Violation check event

    Example: f73d16e9-a038-46c5-b217-1246e15fdbdd
    violationCheckResult object

    The inner object representing the completed SOD Violation check

    message object

    If the request failed, includes any error message that was generated.

    localestringnullable

    The locale for the message text, a BCP 47 language tag.

    Example: en-US
    localeOriginstringnullable

    An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

    Possible values: [DEFAULT, REQUEST, null]

    Example: DEFAULT
    textstring

    Actual text of the error message in the indicated locale.

    Example: The request was syntactically correct but its content is semantically invalid.
    clientMetadata object

    Arbitrary key-value pairs. They will never be processed by the IdentityNow system but will be returned on completion of the violation check.

    property name*string
    violationContexts object[]
  • Array [
  • policy object

    SOD policy.

    typestring

    SOD policy DTO type.

    Possible values: [SOD_POLICY]

    Example: SOD_POLICY
    idstring

    SOD policy ID.

    Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
    namestring

    SOD policy display name.

    Example: Business SOD Policy
    conflictingAccessCriteria object

    The object which contains the left and right hand side of the entitlements that got violated according to the policy.

    leftCriteria object
    criteriaList object[]
  • Array [
  • existingboolean

    If the entitlement already belonged to the user or not.

    Default value: false
    Example: true
    typestring

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, MACHINE_IDENTITY, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    Example: ENTITLEMENT
    idstring

    Entitlement ID

    Example: 2c918085771e9d3301773b3cb66f6398
    namestring

    Entitlement name

    Example: My HR Entitlement
  • ]
  • rightCriteria object
    criteriaList object[]
  • Array [
  • existingboolean

    If the entitlement already belonged to the user or not.

    Default value: false
    Example: true
    typestring

    An enumeration of the types of DTOs supported within the IdentityNow infrastructure.

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, MACHINE_IDENTITY, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    Example: ENTITLEMENT
    idstring

    Entitlement ID

    Example: 2c918085771e9d3301773b3cb66f6398
    namestring

    Entitlement name

    Example: My HR Entitlement
  • ]
  • ]
  • violatedPolicies object[]

    A list of the Policies that were violated.

  • Array [
  • typestring

    SOD policy DTO type.

    Possible values: [SOD_POLICY]

    Example: SOD_POLICY
    idstring

    SOD policy ID.

    Example: 0f11f2a4-7c94-4bf3-a2bd-742580fe3bde
    namestring

    SOD policy display name.

    Example: Business SOD Policy
  • ]
  • clientMetadata objectnullable

    Arbitrary key-value pairs, if any were included in the corresponding access request item

    property name*string
    requestedAccounts object[]nullable

    The accounts selected by the user for the access to be provisioned on, in case they have multiple accounts on one or more sources.

  • Array [
  • namestring

    Display name of the account for the user

    Example: Glen.067da3248e914
    typestring

    The type of item

    Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, MACHINE_IDENTITY, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]

    Example: ACCOUNT
    accountUuidstringnullable

    The uuid for the account

    Example: {fab7119e-004f-4822-9c33-b8d570d6c6a6}
    accountIdstringnullable

    The native identity for the account

    Example: CN=Glen 067da3248e914,OU=YOUROU,OU=org-data-service,DC=YOURDC,DC=local
    sourceNamestring

    Display name of the source for the account

    Example: Multi Account AD source name
  • ]
  • ]

Authorization: oauth2

type: Personal Access Token
scopes: sp:scopes:all
package main

import (
"fmt"
"net/http"
"io"
)

func main() {

url := "https://sailpoint.api.identitynow.com/beta/access-request-approvals/pending"
method := "GET"

client := &http.Client {
}
req, err := http.NewRequest(method, url, nil)

if err != nil {
fmt.Println(err)
return
}
req.Header.Add("Accept", "application/json")
req.Header.Add("Authorization", "Bearer <TOKEN>")

res, err := client.Do(req)
if err != nil {
fmt.Println(err)
return
}
defer res.Body.Close()

body, err := io.ReadAll(res.Body)
if err != nil {
fmt.Println(err)
return
}
fmt.Println(string(body))
}
Request Collapse all
Base URL
https://sailpoint.api.identitynow.com/beta
Auth
Parameters
— query
— query
— query
— query
— query
— query
ResponseClear

Click the Send API Request button above and see the response here!