Lists all events for the given identity

GET /historical-identities/:id/events

experimental

This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.

This method retrieves all access events for the identity Requires authorization scope of 'idn:identity-history:read'

Request

Path Parameters

id stringrequired

The identity id

Example: 8c190e6787aa4ed9a90bd9d5344523fb

Query Parameters

from string

The optional instant until which access events are returned

Example: 2024-03-01T13:00:00Z

eventTypes string[]

An optional list of event types to return. If null or empty, all events are returned

Example: [AccessAddedEvent, AccessRemovedEvent]

accessItemTypes string[]

An optional list of access item types (app, account, entitlement, etc...) to return. If null or empty, all access items types are returned

Example: [entitlement, account]

limit int32

Possible values: <= 250

Default value: 250

Max number of results to return. See V3 API Standard Collection Parameters for more information.

Example: 250

offset int32

Default value: 0

Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

Example: 0

count boolean

If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

See V3 API Standard Collection Parameters for more information.

Example: true

Header Parameters

X-SailPoint-Experimental stringrequired

Default value: true

Use this header to enable this experimental API.

Example: true

Responses

The list of events for the identity

application/json

Schema

Array [

anyOf

accessItem

object

oneOf

AccessItemAccessProfileResponse
AccessItemAccountResponse
AccessItemAppResponse
AccessItemEntitlementResponse
AccessItemRoleResponse

accessType string

the access item type. accessProfile in this case

id string

the access item id

name string

the access profile name

sourceName string

the name of the source

sourceId string

the id of the source

description string

the description for the access profile

displayName string

the display name of the identity

entitlementCount string

the number of entitlements the access profile will create

appDisplayName string

the name of

removeDate string

the date the access profile is no longer assigned to the specified identity

standalone booleanrequired

indicates whether the access profile is standalone

revocable booleanrequired

indicates whether the access profile is

identityId string

the identity id

eventType string

the event type

dt string

the date of event

governanceEvent

object

name string

The name of the governance event, such as the certification name or access request ID.

dt string

The date that the certification or access request was completed.

type string

Possible values: [certification, accessRequest]

The type of governance event.

governanceId string

The ID of the instance that caused the event - either the certification ID or access request ID.

owners

object[]

The owners of the governance event (the certifiers or approvers)

Array [

id string

the id of the certifier

displayName string

the name of the certifier

]

reviewers

object[]

The owners of the governance event (the certifiers or approvers), this field should be preferred over owners

Array [

id string

the id of the certifier

displayName string

the name of the certifier

]

decisionMaker

object

The decision maker

id string

the id of the certifier

displayName string

the name of the certifier

accessItem

object

oneOf

AccessItemAccessProfileResponse
AccessItemAccountResponse
AccessItemAppResponse
AccessItemEntitlementResponse
AccessItemRoleResponse

accessType string

the access item type. accessProfile in this case

id string

the access item id

name string

the access profile name

sourceName string

the name of the source

sourceId string

the id of the source

description string

the description for the access profile

displayName string

the display name of the identity

entitlementCount string

the number of entitlements the access profile will create

appDisplayName string

the name of

removeDate string

the date the access profile is no longer assigned to the specified identity

standalone booleanrequired

indicates whether the access profile is standalone

revocable booleanrequired

indicates whether the access profile is

identityId string

the identity id

eventType string

the event type

dt string

the date of event

governanceEvent

object

name string

The name of the governance event, such as the certification name or access request ID.

dt string

The date that the certification or access request was completed.

type string

Possible values: [certification, accessRequest]

The type of governance event.

governanceId string

The ID of the instance that caused the event - either the certification ID or access request ID.

owners

object[]

The owners of the governance event (the certifiers or approvers)

Array [

id string

the id of the certifier

displayName string

the name of the certifier

]

reviewers

object[]

The owners of the governance event (the certifiers or approvers), this field should be preferred over owners

Array [

id string

the id of the certifier

displayName string

the name of the certifier

]

decisionMaker

object

The decision maker

id string

the id of the certifier

displayName string

the name of the certifier

accessRequest

object

the access request details

requesterId string

the requester Id

requesterName string

the requesterName

items

object[]

Array [

operation string

the access request item operation

accessItemType string

the access item type

name string

the name of access request item

decision string

Possible values: [APPROVED, REJECTED]

the final decision for the access request

description string

the description of access request item

sourceId string

the source id

sourceName string

the source Name

approvalInfos

object[]

Array [

id string

the id of approver

name string

the name of approver

status string

the status of the approval request

]

identityId string

the identity id

eventType string

the event type

dt string

the date of event

eventType string

the event type

identityId string

the identity id

dt string

the date of event

account

object

id string

the ID of the account in the database

nativeIdentity string

the native identifier of the account

displayName string

the display name of the account

sourceId string

the ID of the source for this account

sourceName string

the name of the source for this account

entitlementCount integer

the number of entitlements on this account

accessType string

this value is always "account"

statusChange

object

previousStatus string

Possible values: [enabled, disabled, locked]

the previous status of the account

newStatus string

Possible values: [enabled, disabled, locked]

the new status of the account

]

[
  {},
  {},
  {
    "attributeChanges": {
      "name": "firstname",
      "previousValue": "adam",
      "newValue": "zampa"
    },
    "eventType": "AttributesChanged",
    "identityId": "8a80828f643d484f01643e14202e206f",
    "dt": "2019-03-08T22:37:33.901Z"
  },
  {},
  {},
  {
    "account": {
      "id": "2c91808a77ff216301782327a50f09bf",
      "nativeIdentity": 127999,
      "displayName": "Sample Name",
      "sourceId": "8a80828f643d484f01643e14202e206f",
      "sourceName": "JDBC Entitlements Source",
      "entitlementCount": 0,
      "accessType": "account"
    },
    "statusChange": {
      "previousStatus": "enabled",
      "newStatus": "disabled"
    },
    "eventType": "AccountStatusChanged",
    "identityId": "8a80828f643d484f01643e14202e206f",
    "date": "2019-03-08T22:37:33.901Z"
  }
]

[
  {
    "accessItem": {
      "id": "8c190e6787aa4ed9a90bd9d5344523fb",
      "accessType": "account",
      "nativeIdentity": 127999,
      "sourceName": "JDBC Entitlements Source",
      "entitlementCount": 0,
      "displayName": "Sample Name"
    },
    "eventType": "AccessItemAssociated",
    "identityId": "8a80828f643d484f01643e14202e206f",
    "dt": "2019-03-08T22:37:33.901Z",
    "governanceEvent": {
      "name": "Access Request 58",
      "dt": "2019-03-08T22:37:33.901Z",
      "type": "accessRequest",
      "governanceId": "2c91808a77ff216301782327a50f09e1",
      "owners": [
        {
          "id": "bc693f07e7b645539626c25954c58554",
          "displayName": "Jon Snow"
        }
      ],
      "reviewers": [
        {
          "id": "bc693f07e7b645539626c25954c58554",
          "displayName": "Jon Snow"
        }
      ],
      "decisionMaker": {
        "id": "bc693f07e7b645539626c25954c58554",
        "displayName": "Jon Snow"
      }
    }
  }
]

[
  {
    "accessItem": {
      "id": "8c190e6787aa4ed9a90bd9d5344523fb",
      "accessType": "account",
      "nativeIdentity": 127999,
      "sourceName": "JDBC Entitlements Source",
      "entitlementCount": 0,
      "displayName": "Sample Name"
    },
    "eventType": "AccessItemRemoved",
    "identityId": "8a80828f643d484f01643e14202e206f",
    "dt": "2019-03-08T22:37:33.901Z",
    "governanceEvent": {
      "name": "Manager Certification for Jon Snow",
      "dt": "2019-03-08T22:37:33.901Z",
      "type": "certification",
      "governanceId": "2c91808a77ff216301782327a50f09bf",
      "owners": [
        {
          "id": "bc693f07e7b645539626c25954c58554",
          "displayName": "Jon Snow"
        }
      ],
      "reviewers": [
        {
          "id": "bc693f07e7b645539626c25954c58554",
          "displayName": "Jon Snow"
        }
      ],
      "decisionMaker": {
        "id": "bc693f07e7b645539626c25954c58554",
        "displayName": "Jon Snow"
      }
    }
  }
]

[
  {
    "attributeChanges": [
      {
        "name": "firstname",
        "previousValue": "adam",
        "newValue": "zampa"
      }
    ],
    "eventType": "AttributesChanged",
    "identityId": "8a80828f643d484f01643e14202e206f",
    "dt": "2019-03-08T22:37:33.901Z"
  }
]

{
  "accessRequest": {
    "requesterId": "2c91808a77ff216301782327a50f09bf",
    "requestName": "Bing C",
    "items": [
      {
        "operation": "Add",
        "accessItemType": "role",
        "name": "Role-1",
        "decision": "APPROVED",
        "description": "The role descrition",
        "sourceId": "8a80828f643d484f01643e14202e206f",
        "sourceName": "Source1",
        "approvalInfos": [
          {
            "name": "John Snow",
            "id": "8a80828f643d484f01643e14202e2000",
            "status": "Approved"
          }
        ]
      }
    ]
  },
  "eventType": "AccessRequested",
  "identityId": "8a80828f643d484f01643e14202e206f",
  "dt": "2019-03-08T22:37:33.901Z"
}

[
  {
    "certification": {
      "id": "2c91808a77ff216301782327a50f09bf",
      "name": "Cert name",
      "signedDate": "2019-03-08T22:37:33.901Z",
      "certifiers": [
        {
          "id": "8a80828f643d484f01643e14202e206f",
          "displayName": "John Snow"
        }
      ],
      "reviewers": [
        {
          "id": "8a80828f643d484f01643e14202e206f",
          "displayName": "Daenerys Targaryen"
        }
      ],
      "signer": {
        "id": "8a80828f643d484f01643e14202e206f",
        "displayName": "Tyrion Lannister"
      }
    },
    "eventType": "IdentityCertified",
    "identityId": "8a80828f643d484f01643e14202e206f",
    "dt": "2019-03-08T22:37:33.901Z"
  }
]

[
  {
    "account": {
      "id": "2c91808a77ff216301782327a50f09bf",
      "nativeIdentity": 127999,
      "displayName": "Sample Name",
      "sourceId": "8a80828f643d484f01643e14202e206f",
      "sourceName": "JDBC Entitlements Source",
      "entitlementCount": 0,
      "accessType": "account"
    },
    "statusChange": {
      "previousStatus": "ENABLED",
      "newStatus": "DISABLED"
    },
    "eventType": "AccountStatusChanged",
    "identityId": "8a80828f643d484f01643e14202e206f",
    "dt": "2019-03-08T22:37:33.901Z"
  }
]

Client Error - Returned if the request body is invalid.

application/json

Schema
Example (from schema)

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

Schema
Example (from schema)

Schema

error

A message describing the error

{
  "error": "JWT validation failed: JWT is expired"
}

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

Schema
Example (from schema)
403

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

Not Found - returned if the request URL refers to a resource or object that does not exist

application/json

Schema
Example (from schema)
404

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 404 response object

{
  "detailCode": "404 Not found",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server did not find a current representation for the target resource."
    }
  ]
}

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

Schema
Example (from schema)

Schema

message

A message describing the error

{
  "message": " Rate Limit Exceeded "
}

Internal Server Error - Returned if there is an unexpected error.

application/json

Schema
Example (from schema)
500

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages

object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes

object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOrigin (string)nullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Lists all events for the given identity

/historical-identities/:id/events

Request​

Path Parameters

Query Parameters

Header Parameters

Responses​

Request

Responses