Create a Subscription
POST /trigger-subscriptions
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
This API creates a new subscription to a trigger and defines trigger invocation details. The type of subscription determines which config object is required:
- HTTP subscriptions require httpConfig
- EventBridge subscriptions require eventBridgeConfig
Request
Header Parameters
X-SailPoint-Experimental: Use this header to enable this experimental API. Default value: true.
- application/json
Body
required
- name: Subscription name.
- description: Subscription description.
- triggerId: ID of trigger subscribed to.
- type: Subscription type. Possible values: [HTTP, EVENTBRIDGE, INLINE, SCRIPT, WORKFLOW]. NOTE: If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.
- responseDeadline: Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format. Default value: PT1H.
- httpConfig (object): Config required if HTTP subscription type is used.
  - url: URL of the external/custom integration.
  - httpDispatchMode: HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC. Possible values: [SYNC, ASYNC, DYNAMIC].
  - httpAuthenticationType: Defines the HTTP Authentication type. Possible values: [NO_AUTH, BASIC_AUTH, BEARER_TOKEN]. Default value: NO_AUTH. Additional values may be added in the future.
    - If NO_AUTH is selected, no extra information will be in HttpConfig.
    - If BASIC_AUTH is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
    - If BEARER_TOKEN is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
  - basicAuthConfig (object, nullable): Config required if BASIC_AUTH is used.
    - userName: The username to authenticate.
    - password: The password to authenticate. On response, this field is set to null so that secrets are not returned.
  - bearerTokenAuthConfig (object, nullable): Config required if BEARER_TOKEN authentication is used. On response, this field is set to null so that secrets are not returned.
    - bearerToken: Bearer token
- eventBridgeConfig (object): Config required if EVENTBRIDGE subscription type is used.
  - awsAccount: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
  - awsRegion: AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.
- enabled: Whether subscription should receive real-time trigger invocations or not. Test trigger invocations are always enabled regardless of this option. Default value: true.
- filter: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
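A pre-flight check for the request body described above, added here as an example and not taken from SailPoint's documentation or SDK: it enforces the type-to-config and authentication-type-to-config rules from this page and nulls secrets before a body is logged, as the API does on response. The function names, the sample body and the two `policy:` findings (NO_AUTH, non-HTTPS url) are assumptions of this example, not API rules.

```python
import copy
import re

# Enum values and config names as listed in the request schema on this page.
CONFIG_FOR_TYPE = {"HTTP": "httpConfig", "EVENTBRIDGE": "eventBridgeConfig"}
AUTH_SECRETS = {
    "NO_AUTH": None,
    "BASIC_AUTH": ("basicAuthConfig", ("userName", "password")),
    "BEARER_TOKEN": ("bearerTokenAuthConfig", ("bearerToken",)),
}

def lint_subscription(body):
    """Return a list of findings for a create-subscription request body."""
    findings = []
    needed = CONFIG_FOR_TYPE.get(body.get("type"))
    if needed and not isinstance(body.get(needed), dict):
        findings.append(f"type {body['type']} requires {needed}")
    http = body.get("httpConfig") if body.get("type") == "HTTP" else None
    if isinstance(http, dict):
        auth = http.get("httpAuthenticationType", "NO_AUTH")  # documented default
        if auth not in AUTH_SECRETS:
            findings.append(f"unknown httpAuthenticationType {auth}")
        elif AUTH_SECRETS[auth] is None:  # added policy check, not an API rule
            findings.append("policy: NO_AUTH leaves the receiving endpoint unauthenticated")
        else:
            key, fields = AUTH_SECRETS[auth]
            cfg = http.get(key) or {}
            findings += [f"{auth} requires {key}.{fld}" for fld in fields if not cfg.get(fld)]
        if not str(http.get("url", "")).lower().startswith("https://"):  # added policy check
            findings.append("policy: url is not https, credentials and events travel in cleartext")
    eb = body.get("eventBridgeConfig") if body.get("type") == "EVENTBRIDGE" else None
    if isinstance(eb, dict) and not re.fullmatch(r"\d{12}", str(eb.get("awsAccount", ""))):
        findings.append("awsAccount must be a 12-digit number")
    return findings

def redact(body):
    """Copy of the body that is safe to log: secret fields set to null."""
    safe = copy.deepcopy(body)
    http = safe.get("httpConfig") or {}
    for key, field in (("basicAuthConfig", "password"), ("bearerTokenAuthConfig", "bearerToken")):
        if isinstance(http.get(key), dict):
            http[key][field] = None
    return safe

# Constructed sample body (not from the page); the token is a placeholder.
SAMPLE = {"name": "demo", "triggerId": "idn:access-request-post-approval", "type": "HTTP",
          "httpConfig": {"url": "http://hooks.example.com/idn",
                         "httpAuthenticationType": "BEARER_TOKEN",
                         "bearerTokenAuthConfig": {"bearerToken": "PLACEHOLDER-TOKEN"}}}
```

Run `lint_subscription` before sending the POST and log only `redact(body)`, so credentials never reach request logs.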
Responses
- 201
- 400
- 401
- 403
- 429
- 500
New subscription to a trigger. The trigger can now be invoked by the method defined in the subscription.
- application/json
- Schema
- Example (from schema)
Schema
- id: Subscription ID.
- name: Subscription name.
- description: Subscription description.
- triggerId: ID of trigger subscribed to.
- triggerName: Trigger name of trigger subscribed to.
- type: Subscription type. Possible values: [HTTP, EVENTBRIDGE, INLINE, SCRIPT, WORKFLOW]. NOTE: If type is EVENTBRIDGE, then eventBridgeConfig is required. If type is HTTP, then httpConfig is required.
- responseDeadline: Deadline for completing REQUEST_RESPONSE trigger invocation, represented in ISO-8601 duration format. Default value: PT1H.
- httpConfig (object): Config required if HTTP subscription type is used.
  - url: URL of the external/custom integration.
  - httpDispatchMode: HTTP response modes, i.e. SYNC, ASYNC, or DYNAMIC. Possible values: [SYNC, ASYNC, DYNAMIC].
  - httpAuthenticationType: Defines the HTTP Authentication type. Possible values: [NO_AUTH, BASIC_AUTH, BEARER_TOKEN]. Default value: NO_AUTH. Additional values may be added in the future.
    - If NO_AUTH is selected, no extra information will be in HttpConfig.
    - If BASIC_AUTH is selected, HttpConfig will include BasicAuthConfig with Username and Password as strings.
    - If BEARER_TOKEN is selected, HttpConfig will include BearerTokenAuthConfig with Token as string.
  - basicAuthConfig (object, nullable): Config required if BASIC_AUTH is used.
    - userName: The username to authenticate.
    - password: The password to authenticate. On response, this field is set to null so that secrets are not returned.
  - bearerTokenAuthConfig (object, nullable): Config required if BEARER_TOKEN authentication is used. On response, this field is set to null so that secrets are not returned.
    - bearerToken: Bearer token
- eventBridgeConfig (object): Config required if EVENTBRIDGE subscription type is used.
  - awsAccount: AWS Account Number (12-digit number) that has the EventBridge Partner Event Source Resource.
  - awsRegion: AWS Region that has the EventBridge Partner Event Source Resource. See https://docs.aws.amazon.com/general/latest/gr/rande.html for a full list of available values.
- enabled: Whether subscription should receive real-time trigger invocations or not. Test trigger invocations are always enabled regardless of this option. Default value: true.
- filter: JSONPath filter to conditionally invoke trigger when expression evaluates to true.
{
  "id": "0f11f2a4-7c94-4bf3-a2bd-742580fe3bde",
  "name": "Access request subscription",
  "description": "Access requested to site xyz",
  "triggerId": "idn:access-request-post-approval",
  "triggerName": "Access Requested",
  "type": "HTTP",
  "responseDeadline": "PT1H",
  "httpConfig": {
    "url": "https://www.example.com",
    "httpDispatchMode": "SYNC",
    "httpAuthenticationType": "BASIC_AUTH",
    "basicAuthConfig": {
      "userName": "[email protected]",
      "password": null
    },
    "bearerTokenAuthConfig": {
      "bearerToken": null
    }
  },
  "eventBridgeConfig": {
    "awsAccount": "123456789012",
    "awsRegion": "us-west-1"
  },
  "enabled": true,
  "filter": "$[?($.identityId == \"201327fda1c44704ac01181e963d463c\")]"
}
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
- detailCode: Fine-grained error code providing more detail of the error.
- trackingId: Unique tracking id for the error.
- messages (object[]): Generic localized reason for error
  - locale: The locale for the message text, a BCP 47 language tag.
  - localeOrigin: An indicator of how the locale was selected. Possible values: [DEFAULT, REQUEST, null]. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
  - text: Actual text of the error message in the indicated locale.
- causes (object[]): Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
  - locale: The locale for the message text, a BCP 47 language tag.
  - localeOrigin: An indicator of how the locale was selected. Possible values: [DEFAULT, REQUEST, null]. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
  - text: Actual text of the error message in the indicated locale.
{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
- error: A message describing the error
{
  "error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as doesn't have access to this endpoint.
- application/json
- Schema
- Example (from schema)
- 403
Schema
- detailCode: Fine-grained error code providing more detail of the error.
- trackingId: Unique tracking id for the error.
- messages (object[]): Generic localized reason for error
  - locale: The locale for the message text, a BCP 47 language tag.
  - localeOrigin: An indicator of how the locale was selected. Possible values: [DEFAULT, REQUEST, null]. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
  - text: Actual text of the error message in the indicated locale.
- causes (object[]): Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
  - locale: The locale for the message text, a BCP 47 language tag.
  - localeOrigin: An indicator of how the locale was selected. Possible values: [DEFAULT, REQUEST, null]. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
  - text: Actual text of the error message in the indicated locale.
{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}
An example of a 403 response object
{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
- message: A message describing the error
{
  "message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
- detailCode: Fine-grained error code providing more detail of the error.
- trackingId: Unique tracking id for the error.
- messages (object[]): Generic localized reason for error
  - locale: The locale for the message text, a BCP 47 language tag.
  - localeOrigin: An indicator of how the locale was selected. Possible values: [DEFAULT, REQUEST, null]. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
  - text: Actual text of the error message in the indicated locale.
- causes (object[]): Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
  - locale: The locale for the message text, a BCP 47 language tag.
  - localeOrigin: An indicator of how the locale was selected. Possible values: [DEFAULT, REQUEST, null]. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
  - text: Actual text of the error message in the indicated locale.
{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}
An example of a 500 response object
{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}