Gets a list of entitlements.
GET https://sailpoint.api.identitynow.com/v2024/entitlements
This API is currently in an experimental state. The API is subject to change based on feedback and further testing. You must include the X-SailPoint-Experimental header and set it to true to use this endpoint.
This API returns a list of entitlements.
This API can be used in one of two mutually exclusive ways: getting the entitlements for a specific account-id, or getting entitlements by using filters.
Any authenticated token can call this API.
Request
Query Parameters
account-id: The account ID. If specified, returns only entitlements associated with the given Account. Cannot be specified with the filters, segmented-for-identity, for-segment-ids, or include-unsegmented param(s).
segmented-for-identity: If present and not empty, additionally filters Entitlements to those which are assigned to the Segment(s) which are visible to the Identity with the specified ID. By convention, the value me can stand in for the current user's Identity ID. Cannot be specified with the account-id or for-segment-ids param(s). It is also illegal to specify a value that refers to a different user's Identity.
for-segment-ids: If present and not empty, additionally filters Access Profiles to those which are assigned to the Segment(s) with the specified IDs. Cannot be specified with the account-id or segmented-for-identity param(s).
include-unsegmented: Whether or not the response list should contain unsegmented Entitlements. If for-segment-ids and segmented-for-identity are both absent or empty, specifying include-unsegmented=false results in an error. Default value: true
offset: Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information. Default value: 0
limit: Max number of results to return. Possible values: <= 250. See V3 API Standard Collection Parameters for more information. Default value: 250
count: If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored. Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used. See V3 API Standard Collection Parameters for more information. Default value: false
sorters: Sort results using the standard syntax described in V3 API Standard Collection Parameters. Sorting is supported for the following fields: id, name, created, modified, type, attribute, value, source.id, requestable
filters: Filter results using the standard syntax described in V3 API Standard Collection Parameters.
Filtering is supported for the following fields and operators:
id: eq, in
name: eq, in, sw
type: eq, in
attribute: eq, in
value: eq, in, sw
source.id: eq, in
requestable: eq
created: gt, lt, ge, le
modified: gt, lt, ge, le
owner.id: eq, in
Header Parameters
X-SailPoint-Experimental: Use this header to enable this experimental API. Default value: true
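The parameter rules above can be checked on the client before a request is sent, which also keeps untrusted input from escaping a filter literal. This is an added example, not SailPoint's code: build_request, render_literal and FILTER_OPS are hypothetical names, and the rendering of filter values (double-quoted strings, bare booleans and timestamps, parenthesised lists, terms joined with and) is an assumption about the V3 standard collection syntax, which this page references but does not spell out.

```python
from datetime import datetime
from urllib.parse import urlencode

BASE_URL = "https://sailpoint.api.identitynow.com/v2024/entitlements"
FILTER_OPS = {  # filterable fields and operators, copied from the table on this page
    "id": {"eq", "in"}, "name": {"eq", "in", "sw"}, "type": {"eq", "in"},
    "attribute": {"eq", "in"}, "value": {"eq", "in", "sw"},
    "source.id": {"eq", "in"}, "owner.id": {"eq", "in"}, "requestable": {"eq"},
    "created": {"gt", "lt", "ge", "le"}, "modified": {"gt", "lt", "ge", "le"},
}

def render_literal(value):
    # Assumed syntax: bare booleans and timestamps, (a,b) lists, "quoted" strings.
    if isinstance(value, bool):
        return "true" if value else "false"
    if isinstance(value, datetime):  # naive datetimes are treated as UTC here
        return value.strftime("%Y-%m-%dT%H:%M:%SZ")
    if isinstance(value, (list, tuple)):
        return "(" + ",".join(render_literal(v) for v in value) + ")"
    if '"' in str(value) or "\\" in str(value):  # keep input inside its literal
        raise ValueError("filter value must not contain quotes or backslashes")
    return f'"{value}"'

def build_request(token, account_id=None, filters=(), segmented_for_identity=None,
                  for_segment_ids=None, include_unsegmented=True, limit=250, offset=0):
    """Return (url, headers) for the list call; raise ValueError on a rule breach."""
    segmented = bool(segmented_for_identity or for_segment_ids)
    if account_id and (filters or segmented or not include_unsegmented):
        raise ValueError("account-id excludes filters and the segment parameters")
    if segmented_for_identity and for_segment_ids:
        raise ValueError("segmented-for-identity excludes for-segment-ids")
    if not include_unsegmented and not segmented:
        raise ValueError("include-unsegmented=false needs a segment parameter")
    if not 0 <= limit <= 250 or offset < 0:
        raise ValueError("limit must be 0..250 and offset must not be negative")
    for field, op, _ in filters:
        if op not in FILTER_OPS.get(field, ()):
            raise ValueError(f"unsupported filter: {field} {op}")
    optional = {
        "account-id": account_id,
        "filters": " and ".join(f"{f} {op} {render_literal(v)}" for f, op, v in filters),
        "segmented-for-identity": segmented_for_identity,
        "for-segment-ids": for_segment_ids,
        "include-unsegmented": None if include_unsegmented else "false",
    }
    params = {"limit": limit, "offset": offset, **{k: v for k, v in optional.items() if v}}
    headers = {"Accept": "application/json", "Authorization": f"Bearer {token}",
               "X-SailPoint-Experimental": "true"}  # required while experimental
    return BASE_URL + "?" + urlencode(params), headers
```

The returned URL and headers can be handed to any HTTP client; for-segment-ids is passed through exactly as the caller supplies it.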
Responses
- 200
- 400
- 401
- 403
- 429
- 500
Response 200 (application/json)
Schema
Array of objects, each with the following fields:
id: The entitlement id. Example: 2c91808874ff91550175097daaec161c
name: The entitlement name. Example: LauncherTest2
created: Time when the entitlement was created. Example: 2020-10-08T18:33:52.029Z
modified: Time when the entitlement was last modified. Example: 2020-10-08T18:33:52.029Z
attribute: The entitlement attribute name. Example: memberOf
value: The value of the entitlement. Example: CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local
sourceSchemaObjectType: The object type of the entitlement from the source schema. Example: group
privileged: True if the entitlement is privileged. Default value: false. Example: true
cloudGoverned: True if the entitlement is cloud governed. Default value: false. Example: true
description: The description of the entitlement. Example: CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local
requestable: True if the entitlement is requestable. Default value: false. Example: true
attributes: object
source: object
owner: object, nullable
directPermissions: object[]
segments: List of IDs of segments, if any, to which this Entitlement is assigned. Example: ["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"]
manuallyUpdatedFields: object, nullable
accessModelMetadata: object, nullable
Example (auto):
[
  {
    "id": "2c91808874ff91550175097daaec161c",
    "name": "LauncherTest2",
    "created": "2020-10-08T18:33:52.029Z",
    "modified": "2020-10-08T18:33:52.029Z",
    "attribute": "memberOf",
    "value": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local",
    "sourceSchemaObjectType": "group",
    "privileged": true,
    "cloudGoverned": true,
    "description": "CN=LauncherTest2,OU=LauncherTestOrg,OU=slpt-automation,DC=TestAutomationAD,DC=local",
    "requestable": true,
    "attributes": {
      "fieldName": "fieldValue"
    },
    "source": {
      "id": "2c9180827ca885d7017ca8ce28a000eb",
      "type": "SOURCE",
      "name": "ODS-AD-Source"
    },
    "owner": {
      "id": "2a2fdacca5e345f18bf7970cfbb8fec2",
      "name": "identity 1",
      "type": "IDENTITY"
    },
    "directPermissions": [
      {
        "rights": [
          "SELECT"
        ],
        "target": "SYS.GV_$TRANSACTION"
      }
    ],
    "segments": [
      "f7b1b8a3-5fed-4fd4-ad29-82014e137e19",
      "29cb6c06-1da8-43ea-8be4-b3125f248f2a"
    ],
    "manuallyUpdatedFields": {
      "DISPLAY_NAME": true,
      "DESCRIPTION": true
    },
    "accessModelMetadata": {
      "attributes": [
        {
          "key": "iscPrivacy",
          "name": "Privacy",
          "multiselect": false,
          "status": "active",
          "type": "governance",
          "objectTypes": [
            "all"
          ],
          "description": "Specifies the level of privacy associated with an access item.",
          "values": [
            {
              "value": "public",
              "name": "Public",
              "status": "active"
            }
          ]
        }
      ]
    }
  }
]
Response 400 (application/json)
Schema
detailCode: Fine-grained error code providing more detail of the error. Example: 400.1 Bad Request Content
trackingId: Unique tracking id for the error. Example: e7eab60924f64aa284175b9fa3309599
messages: object[]
causes: object[]
Example (auto):
{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}
Response 401 (application/json)
Schema
error: A message describing the error. Example: JWT validation failed: JWT is expired
Example (auto):
{
  "error": "JWT validation failed: JWT is expired"
}
Response 403 (application/json)
Schema
detailCode: Fine-grained error code providing more detail of the error. Example: 400.1 Bad Request Content
trackingId: Unique tracking id for the error. Example: e7eab60924f64aa284175b9fa3309599
messages: object[]
causes: object[]
Example (403):
{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}
Response 429 (application/json)
Schema
message: A message describing the error. Example: Rate Limit Exceeded
Example (auto):
{
  "message": " Rate Limit Exceeded "
}
Response 500 (application/json)
Schema
detailCode: Fine-grained error code providing more detail of the error. Example: 400.1 Bad Request Content
trackingId: Unique tracking id for the error. Example: e7eab60924f64aa284175b9fa3309599
messages: object[]
causes: object[]
Example (500):
{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}
Authorization: oauth2
type: Personal Access Token
scopes: idn:entitlement:read, idn:entitlement:manage
C# (HttpClient) sample request:
using System;
using System.Net.Http;

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Get, "https://sailpoint.api.identitynow.com/v2024/entitlements");
request.Headers.Add("Accept", "application/json");
// Replace <TOKEN> with an access token; do not hard-code real tokens in source.
request.Headers.Add("Authorization", "Bearer <TOKEN>");
// This page requires the experimental header, set to true, for this endpoint.
request.Headers.Add("X-SailPoint-Experimental", "true");
var response = await client.SendAsync(request);
// Throws HttpRequestException on the 4xx/5xx responses listed above.
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());