List of Access Review Items
GET/certifications/:id/access-review-items
This API returns a list of access review items for an identity campaign certification. A token with ORG_ADMIN or CERT_ADMIN authority is required to call this API. Reviewers for this certification can also call this API. This API does not support requests for certifications assigned to Governance Groups.
Request
Path Parameters
The identity campaign certification ID
Query Parameters
Possible values: <= 250
Default value: 250
Max number of results to return. See V3 API Standard Collection Parameters for more information.
Default value: 0
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.
See V3 API Standard Collection Parameters for more information.
Filter results using the standard syntax described in V3 API Standard Collection Parameters
Filtering is supported for the following fields and operators:
id: eq, in
type: eq
access.type: eq
completed: eq, ne
identitySummary.id: eq, in
identitySummary.name: eq, sw
access.id: eq, in
access.name: eq, sw
entitlement.sourceName: eq, sw
accessProfile.sourceName: eq, sw
Sort results using the standard syntax described in V3 API Standard Collection Parameters
Sorting is supported for the following fields: identitySummary.name, access.name, access.type, entitlement.sourceName, accessProfile.sourceName
Filter results to view access review items that pertain to any of the specified comma-separated entitlement IDs.
An error will occur if this param is used with access-profiles or roles as only one of these query params can be used at a time.
Filter results to view access review items that pertain to any of the specified comma-separated access-profle IDs.
An error will occur if this param is used with entitlements or roles as only one of these query params can be used at a time.
Filter results to view access review items that pertain to any of the specified comma-separated role IDs.
An error will occur if this param is used with entitlements or access-profiles as only one of these query params can be used at a time.
Responses
- 200
- 400
- 401
- 403
- 404
- 429
- 500
A list of access review items
- application/json
- Schema
- Example (from schema)
Schema
Array [
Array [
]
Array [
]
Array [
Array [
]
Array [
]
]
Array [
Array [
Array [
]
Array [
]
]
]
Array [
Array [
]
Array [
]
]
]
accessSummary
object
An object holding the access that is being reviewed
access
object
Possible values: [ACCOUNT_CORRELATION_CONFIG
, ACCESS_PROFILE
, ACCESS_REQUEST_APPROVAL
, ACCOUNT
, APPLICATION
, CAMPAIGN
, CAMPAIGN_FILTER
, CERTIFICATION
, CLUSTER
, CONNECTOR_SCHEMA
, ENTITLEMENT
, GOVERNANCE_GROUP
, IDENTITY
, IDENTITY_PROFILE
, IDENTITY_REQUEST
, LIFECYCLE_STATE
, PASSWORD_POLICY
, ROLE
, RULE
, SOD_POLICY
, SOURCE
, TAG
, TAG_CATEGORY
, TASK_RESULT
, REPORT_RESULT
, SOD_VIOLATION
, ACCOUNT_ACTIVITY
, WORKGROUP
]
The type of item being certified
The ID of the item being certified
The name of the item being certified
entitlement
object
nullable
The id for the entitlement
The name of the entitlement
Information about the entitlement
Indicates if the entitlement is a privileged entitlement
owner
object
nullable
The type can only be IDENTITY. This is read-only.
Identity ID.
Identity's human-readable display name. This is read-only.
Identity's email address. This is read-only.
The name of the attribute on the source
The value of the attribute on the source
The schema object type on the source used to represent the entitlement and its attributes
The name of the source for which this entitlement belongs
The type of the source for which the entitlement belongs
The ID of the source for which the entitlement belongs
Indicates if the entitlement has permissions
Indicates if the entitlement is a representation of an account permission
Indicates whether the entitlement can be revoked
True if the entitlement is cloud governed
True if the entitlement has DAS data
dataAccess
object
nullable
DAS data for the entitlement
policies
object[]
List of classification policies that apply to resources the entitlement \ groups has access to
Value of the policy
categories
object[]
List of classification categories that apply to resources the entitlement \ groups has access to
Value of the category
Number of matched for each category
impactScore
object
Impact Score for this data
account
object
nullable
Information about the status of the entitlement
The native identity for this account
Indicates whether this account is currently disabled
Indicates whether this account is currently locked
Possible values: [ACCOUNT_CORRELATION_CONFIG
, ACCESS_PROFILE
, ACCESS_REQUEST_APPROVAL
, ACCOUNT
, APPLICATION
, CAMPAIGN
, CAMPAIGN_FILTER
, CERTIFICATION
, CLUSTER
, CONNECTOR_SCHEMA
, ENTITLEMENT
, GOVERNANCE_GROUP
, IDENTITY
, IDENTITY_PROFILE
, IDENTITY_REQUEST
, LIFECYCLE_STATE
, PASSWORD_POLICY
, ROLE
, RULE
, SOD_POLICY
, SOURCE
, TAG
, TAG_CATEGORY
, TASK_RESULT
, REPORT_RESULT
, SOD_VIOLATION
, ACCOUNT_ACTIVITY
, WORKGROUP
]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
The id associated with the account
The account name
When the account was created
When the account was last modified
activityInsights
object
Insights into account activity
UUID of the account
Possible values: <= 90
The number of days of activity
Possible values: [COMPLETE
, UNKNOWN
]
Status indicating if the activity is complete or unknown
accessProfile
object
The id of the Access Profile
Name of the Access Profile
Information about the Access Profile
Indicates if the entitlement is a privileged entitlement
True if the entitlement is cloud governed
The date at which a user's access expires
owner
object
nullable
Owner of the Access Profile
The type can only be IDENTITY. This is read-only.
Identity ID.
Identity's human-readable display name. This is read-only.
Identity's email address. This is read-only.
entitlements
object[]
A list of entitlements associated with this Access Profile
The id for the entitlement
The name of the entitlement
Information about the entitlement
Indicates if the entitlement is a privileged entitlement
owner
object
nullable
The type can only be IDENTITY. This is read-only.
Identity ID.
Identity's human-readable display name. This is read-only.
Identity's email address. This is read-only.
The name of the attribute on the source
The value of the attribute on the source
The schema object type on the source used to represent the entitlement and its attributes
The name of the source for which this entitlement belongs
The type of the source for which the entitlement belongs
The ID of the source for which the entitlement belongs
Indicates if the entitlement has permissions
Indicates if the entitlement is a representation of an account permission
Indicates whether the entitlement can be revoked
True if the entitlement is cloud governed
True if the entitlement has DAS data
dataAccess
object
nullable
DAS data for the entitlement
policies
object[]
List of classification policies that apply to resources the entitlement \ groups has access to
Value of the policy
categories
object[]
List of classification categories that apply to resources the entitlement \ groups has access to
Value of the category
Number of matched for each category
impactScore
object
Impact Score for this data
account
object
nullable
Information about the status of the entitlement
The native identity for this account
Indicates whether this account is currently disabled
Indicates whether this account is currently locked
Possible values: [ACCOUNT_CORRELATION_CONFIG
, ACCESS_PROFILE
, ACCESS_REQUEST_APPROVAL
, ACCOUNT
, APPLICATION
, CAMPAIGN
, CAMPAIGN_FILTER
, CERTIFICATION
, CLUSTER
, CONNECTOR_SCHEMA
, ENTITLEMENT
, GOVERNANCE_GROUP
, IDENTITY
, IDENTITY_PROFILE
, IDENTITY_REQUEST
, LIFECYCLE_STATE
, PASSWORD_POLICY
, ROLE
, RULE
, SOD_POLICY
, SOURCE
, TAG
, TAG_CATEGORY
, TASK_RESULT
, REPORT_RESULT
, SOD_VIOLATION
, ACCOUNT_ACTIVITY
, WORKGROUP
]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
The id associated with the account
The account name
When the account was created
When the account was last modified
activityInsights
object
Insights into account activity
UUID of the account
Possible values: <= 90
The number of days of activity
Possible values: [COMPLETE
, UNKNOWN
]
Status indicating if the activity is complete or unknown
Date the Access Profile was created.
Date the Access Profile was last modified.
role
object
nullable
The id for the Role
The name of the Role
Information about the Role
Indicates if the entitlement is a privileged entitlement
owner
object
nullable
The type can only be IDENTITY. This is read-only.
Identity ID.
Identity's human-readable display name. This is read-only.
Identity's email address. This is read-only.
Indicates whether the Role can be revoked or requested
The date when a user's access expires.
accessProfiles
object[]
The list of Access Profiles associated with this Role
The id of the Access Profile
Name of the Access Profile
Information about the Access Profile
Indicates if the entitlement is a privileged entitlement
True if the entitlement is cloud governed
The date at which a user's access expires
owner
object
nullable
Owner of the Access Profile
The type can only be IDENTITY. This is read-only.
Identity ID.
Identity's human-readable display name. This is read-only.
Identity's email address. This is read-only.
entitlements
object[]
A list of entitlements associated with this Access Profile
The id for the entitlement
The name of the entitlement
Information about the entitlement
Indicates if the entitlement is a privileged entitlement
owner
object
nullable
The type can only be IDENTITY. This is read-only.
Identity ID.
Identity's human-readable display name. This is read-only.
Identity's email address. This is read-only.
The name of the attribute on the source
The value of the attribute on the source
The schema object type on the source used to represent the entitlement and its attributes
The name of the source for which this entitlement belongs
The type of the source for which the entitlement belongs
The ID of the source for which the entitlement belongs
Indicates if the entitlement has permissions
Indicates if the entitlement is a representation of an account permission
Indicates whether the entitlement can be revoked
True if the entitlement is cloud governed
True if the entitlement has DAS data
dataAccess
object
nullable
DAS data for the entitlement
policies
object[]
List of classification policies that apply to resources the entitlement \ groups has access to
Value of the policy
categories
object[]
List of classification categories that apply to resources the entitlement \ groups has access to
Value of the category
Number of matched for each category
impactScore
object
Impact Score for this data
account
object
nullable
Information about the status of the entitlement
The native identity for this account
Indicates whether this account is currently disabled
Indicates whether this account is currently locked
Possible values: [ACCOUNT_CORRELATION_CONFIG
, ACCESS_PROFILE
, ACCESS_REQUEST_APPROVAL
, ACCOUNT
, APPLICATION
, CAMPAIGN
, CAMPAIGN_FILTER
, CERTIFICATION
, CLUSTER
, CONNECTOR_SCHEMA
, ENTITLEMENT
, GOVERNANCE_GROUP
, IDENTITY
, IDENTITY_PROFILE
, IDENTITY_REQUEST
, LIFECYCLE_STATE
, PASSWORD_POLICY
, ROLE
, RULE
, SOD_POLICY
, SOURCE
, TAG
, TAG_CATEGORY
, TASK_RESULT
, REPORT_RESULT
, SOD_VIOLATION
, ACCOUNT_ACTIVITY
, WORKGROUP
]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
The id associated with the account
The account name
When the account was created
When the account was last modified
activityInsights
object
Insights into account activity
UUID of the account
Possible values: <= 90
The number of days of activity
Possible values: [COMPLETE
, UNKNOWN
]
Status indicating if the activity is complete or unknown
Date the Access Profile was created.
Date the Access Profile was last modified.
entitlements
object[]
The list of entitlements associated with this Role
The id for the entitlement
The name of the entitlement
Information about the entitlement
Indicates if the entitlement is a privileged entitlement
owner
object
nullable
The type can only be IDENTITY. This is read-only.
Identity ID.
Identity's human-readable display name. This is read-only.
Identity's email address. This is read-only.
The name of the attribute on the source
The value of the attribute on the source
The schema object type on the source used to represent the entitlement and its attributes
The name of the source for which this entitlement belongs
The type of the source for which the entitlement belongs
The ID of the source for which the entitlement belongs
Indicates if the entitlement has permissions
Indicates if the entitlement is a representation of an account permission
Indicates whether the entitlement can be revoked
True if the entitlement is cloud governed
True if the entitlement has DAS data
dataAccess
object
nullable
DAS data for the entitlement
policies
object[]
List of classification policies that apply to resources the entitlement \ groups has access to
Value of the policy
categories
object[]
List of classification categories that apply to resources the entitlement \ groups has access to
Value of the category
Number of matched for each category
impactScore
object
Impact Score for this data
account
object
nullable
Information about the status of the entitlement
The native identity for this account
Indicates whether this account is currently disabled
Indicates whether this account is currently locked
Possible values: [ACCOUNT_CORRELATION_CONFIG
, ACCESS_PROFILE
, ACCESS_REQUEST_APPROVAL
, ACCOUNT
, APPLICATION
, CAMPAIGN
, CAMPAIGN_FILTER
, CERTIFICATION
, CLUSTER
, CONNECTOR_SCHEMA
, ENTITLEMENT
, GOVERNANCE_GROUP
, IDENTITY
, IDENTITY_PROFILE
, IDENTITY_REQUEST
, LIFECYCLE_STATE
, PASSWORD_POLICY
, ROLE
, RULE
, SOD_POLICY
, SOURCE
, TAG
, TAG_CATEGORY
, TASK_RESULT
, REPORT_RESULT
, SOD_VIOLATION
, ACCOUNT_ACTIVITY
, WORKGROUP
]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
The id associated with the account
The account name
When the account was created
When the account was last modified
activityInsights
object
Insights into account activity
UUID of the account
Possible values: <= 90
The number of days of activity
Possible values: [COMPLETE
, UNKNOWN
]
Status indicating if the activity is complete or unknown
identitySummary
object
The ID of the identity summary
Name of the linked identity
The ID of the identity being certified
Indicates whether the review items for the linked identity's certification have been completed
The review item's id
Whether the review item is complete
Indicates whether the review item is for new access to a source
Possible values: [APPROVE
, REVOKE
]
The decision to approve or revoke the review item
Comments for this review item
[
{
"accessSummary": {
"access": {
"type": "IDENTITY",
"id": "2c9180867160846801719932c5153fb7",
"name": "Entitlement for Company Database"
},
"entitlement": {
"id": "2c918085718230600171993742c63558",
"name": "CN=entitlement.bbb7c650",
"description": "Gives read/write access to the company database",
"privileged": false,
"owner": {
"type": "IDENTITY",
"id": "5168015d32f890ca15812c9180835d2e",
"name": "Alison Ferguso",
"email": "[email protected]"
},
"attributeName": "memberOf",
"attributeValue": "CN=entitlement.bbb7c650",
"sourceSchemaObjectType": "groups",
"sourceName": "ODS-AD-Source",
"sourceType": "Active Directory - Direct",
"sourceId": "78ca6be511cb41fbb86dba2fcca7780c",
"hasPermissions": false,
"isPermission": false,
"revocable": true,
"cloudGoverned": false,
"containsDataAccess": true,
"dataAccess": {
"policies": [
{
"value": "GDPR-20"
}
],
"categories": [
{
"value": "email-7",
"matchCount": 10
}
],
"impactScore": {
"value": "Medium"
}
},
"account": {
"nativeIdentity": "CN=Alison Ferguso",
"disabled": false,
"locked": false,
"type": "IDENTITY",
"id": "2c9180857182305e0171993737eb29e6",
"name": "Alison Ferguso",
"created": "2020-04-20T20:11:05.067Z",
"modified": "2020-05-20T18:57:16.987Z",
"activityInsights": {
"accountID": "c4ddd5421d8549f0abd309162cafd3b1",
"usageDays": 45,
"usageDaysState": "COMPLETE"
}
}
},
"accessProfile": {
"id": "2c91808a7190d06e01719938fcd20792",
"name": "Employee-database-read-write",
"description": "Collection of entitlements to read/write the employee database",
"privileged": false,
"cloudGoverned": false,
"endDate": "2021-12-25T00:00:00.000Z",
"owner": {
"type": "IDENTITY",
"id": "5168015d32f890ca15812c9180835d2e",
"name": "Alison Ferguso",
"email": "[email protected]"
},
"entitlements": [
{
"id": "2c918085718230600171993742c63558",
"name": "CN=entitlement.bbb7c650",
"description": "Gives read/write access to the company database",
"privileged": false,
"owner": {
"type": "IDENTITY",
"id": "5168015d32f890ca15812c9180835d2e",
"name": "Alison Ferguso",
"email": "[email protected]"
},
"attributeName": "memberOf",
"attributeValue": "CN=entitlement.bbb7c650",
"sourceSchemaObjectType": "groups",
"sourceName": "ODS-AD-Source",
"sourceType": "Active Directory - Direct",
"sourceId": "78ca6be511cb41fbb86dba2fcca7780c",
"hasPermissions": false,
"isPermission": false,
"revocable": true,
"cloudGoverned": false,
"containsDataAccess": true,
"dataAccess": {
"policies": [
{
"value": "GDPR-20"
}
],
"categories": [
{
"value": "email-7",
"matchCount": 10
}
],
"impactScore": {
"value": "Medium"
}
},
"account": {
"nativeIdentity": "CN=Alison Ferguso",
"disabled": false,
"locked": false,
"type": "IDENTITY",
"id": "2c9180857182305e0171993737eb29e6",
"name": "Alison Ferguso",
"created": "2020-04-20T20:11:05.067Z",
"modified": "2020-05-20T18:57:16.987Z",
"activityInsights": {
"accountID": "c4ddd5421d8549f0abd309162cafd3b1",
"usageDays": 45,
"usageDaysState": "COMPLETE"
}
}
}
],
"created": "2021-01-01T22:32:58.104Z",
"modified": "2021-02-01T22:32:58.104Z"
},
"role": {
"id": "2c91808a7190d06e0171993907fd0794",
"name": "Accounting-Employees",
"description": "Role for members of the accounting department with the necessary Access Profiles",
"privileged": false,
"owner": {
"type": "IDENTITY",
"id": "5168015d32f890ca15812c9180835d2e",
"name": "Alison Ferguso",
"email": "[email protected]"
},
"revocable": false,
"endDate": "2021-12-25T00:00:00.000Z",
"accessProfiles": [
{
"id": "2c91808a7190d06e01719938fcd20792",
"name": "Employee-database-read-write",
"description": "Collection of entitlements to read/write the employee database",
"privileged": false,
"cloudGoverned": false,
"endDate": "2021-12-25T00:00:00.000Z",
"owner": {
"type": "IDENTITY",
"id": "5168015d32f890ca15812c9180835d2e",
"name": "Alison Ferguso",
"email": "[email protected]"
},
"entitlements": [
{
"id": "2c918085718230600171993742c63558",
"name": "CN=entitlement.bbb7c650",
"description": "Gives read/write access to the company database",
"privileged": false,
"owner": {
"type": "IDENTITY",
"id": "5168015d32f890ca15812c9180835d2e",
"name": "Alison Ferguso",
"email": "[email protected]"
},
"attributeName": "memberOf",
"attributeValue": "CN=entitlement.bbb7c650",
"sourceSchemaObjectType": "groups",
"sourceName": "ODS-AD-Source",
"sourceType": "Active Directory - Direct",
"sourceId": "78ca6be511cb41fbb86dba2fcca7780c",
"hasPermissions": false,
"isPermission": false,
"revocable": true,
"cloudGoverned": false,
"containsDataAccess": true,
"dataAccess": {
"policies": [
{
"value": "GDPR-20"
}
],
"categories": [
{
"value": "email-7",
"matchCount": 10
}
],
"impactScore": {
"value": "Medium"
}
},
"account": {
"nativeIdentity": "CN=Alison Ferguso",
"disabled": false,
"locked": false,
"type": "IDENTITY",
"id": "2c9180857182305e0171993737eb29e6",
"name": "Alison Ferguso",
"created": "2020-04-20T20:11:05.067Z",
"modified": "2020-05-20T18:57:16.987Z",
"activityInsights": {
"accountID": "c4ddd5421d8549f0abd309162cafd3b1",
"usageDays": 45,
"usageDaysState": "COMPLETE"
}
}
}
],
"created": "2021-01-01T22:32:58.104Z",
"modified": "2021-02-01T22:32:58.104Z"
}
],
"entitlements": [
{
"id": "2c918085718230600171993742c63558",
"name": "CN=entitlement.bbb7c650",
"description": "Gives read/write access to the company database",
"privileged": false,
"owner": {
"type": "IDENTITY",
"id": "5168015d32f890ca15812c9180835d2e",
"name": "Alison Ferguso",
"email": "[email protected]"
},
"attributeName": "memberOf",
"attributeValue": "CN=entitlement.bbb7c650",
"sourceSchemaObjectType": "groups",
"sourceName": "ODS-AD-Source",
"sourceType": "Active Directory - Direct",
"sourceId": "78ca6be511cb41fbb86dba2fcca7780c",
"hasPermissions": false,
"isPermission": false,
"revocable": true,
"cloudGoverned": false,
"containsDataAccess": true,
"dataAccess": {
"policies": [
{
"value": "GDPR-20"
}
],
"categories": [
{
"value": "email-7",
"matchCount": 10
}
],
"impactScore": {
"value": "Medium"
}
},
"account": {
"nativeIdentity": "CN=Alison Ferguso",
"disabled": false,
"locked": false,
"type": "IDENTITY",
"id": "2c9180857182305e0171993737eb29e6",
"name": "Alison Ferguso",
"created": "2020-04-20T20:11:05.067Z",
"modified": "2020-05-20T18:57:16.987Z",
"activityInsights": {
"accountID": "c4ddd5421d8549f0abd309162cafd3b1",
"usageDays": 45,
"usageDaysState": "COMPLETE"
}
}
}
]
}
},
"identitySummary": {
"id": "2c91808772a504f50172a9540e501ba7",
"name": "Alison Ferguso",
"identityId": "2c9180857182306001719937377a33de",
"completed": true
},
"id": "ef38f94347e94562b5bb8424a56397d8",
"completed": false,
"newAccess": false,
"decision": "APPROVE",
"comments": "This user still needs access to this source"
}
]
Client Error - Returned if the request body is invalid.
- application/json
- Schema
- Example (from schema)
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"error": "JWT validation failed: JWT is expired"
}
Forbidden - Returned if the user you are running as, doesn't have access to this end-point.
- application/json
- Schema
- Example (from schema)
- 403
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 403 response object
{
"detailCode": "403 Forbidden",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server understood the request but refuses to authorize it."
}
]
}
Not Found - returned if the request URL refers to a resource or object that does not exist
- application/json
- Schema
- Example (from schema)
- 404
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 404 response object
{
"detailCode": "404 Not found",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The server did not find a current representation for the target resource."
}
]
}
Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.
- application/json
- Schema
- Example (from schema)
Schema
A message describing the error
{
"message": " Rate Limit Exceeded "
}
Internal Server Error - Returned if there is an unexpected error.
- application/json
- Schema
- Example (from schema)
- 500
Schema
Array [
]
Array [
]
Fine-grained error code providing more detail of the error.
Unique tracking id for the error.
messages
object[]
Generic localized reason for error
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
causes
object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
The locale for the message text, a BCP 47 language tag.
Possible values: [DEFAULT
, REQUEST
, null
]
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Actual text of the error message in the indicated locale.
{
"detailCode": "400.1 Bad Request Content",
"trackingId": "e7eab60924f64aa284175b9fa3309599",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
],
"causes": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "The request was syntactically correct but its content is semantically invalid."
}
]
}
An example of a 500 response object
{
"detailCode": "500.0 Internal Fault",
"trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
"messages": [
{
"locale": "en-US",
"localeOrigin": "DEFAULT",
"text": "An internal fault occurred."
}
]
}