List Roles

GET 
https://sailpoint.api.identitynow.com/v2024/roles

This API returns a list of Roles.

A token with API, ORG_ADMIN, ROLE_ADMIN, or ROLE_SUBADMIN authority is required to call this API.

Request

Query Parameters

for-subadmin string
If provided, filters the returned list according to what is visible to the indicated ROLE_SUBADMIN Identity. The value of the parameter is either an Identity ID, or the special value me, which is shorthand for the calling Identity's ID. A 400 Bad Request error is returned if the for-subadmin parameter is specified for an Identity that is not a subadmin.
Example: 5168015d32f890ca15812c9180835d2e
limit int32
Possible values: <= 50
Note that for this API the maximum value for limit is 50. See V3 API Standard Collection Parameters for more information.
Default value: 50
Example: 50
offset int32
Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.
Default value: 0
Example: 0
count boolean
If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.
Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.
See V3 API Standard Collection Parameters for more information.
Default value: false
Example: true
filters string
Filter results using the standard syntax described in V3 API Standard Collection Parameters
Filtering is supported for the following fields and operators:
id: eq, in
name: eq, sw
created: gt, lt, ge, le
modified: gt, lt, ge, le
owner.id: eq, in
requestable: eq
Example: requestable eq false
sorters comma-separated
Sort results using the standard syntax described in V3 API Standard Collection Parameters
Sorting is supported for the following fields: name, created, modified
Example: name,-modified
for-segment-ids comma-separated
If present and not empty, additionally filters Roles to those which are assigned to the Segment(s) with the specified IDs.
If segmentation is currently unavailable, specifying this parameter results in an error.
Example: 0b5c9f25-83c6-4762-9073-e38f7bb2ae26,2e8d8180-24bc-4d21-91c6-7affdb473b0d
include-unsegmented boolean
Whether or not the response list should contain unsegmented Roles. If for-segment-ids is absent or empty, specifying include-unsegmented as false results in an error.
Default value: true
Example: false

Responses

200

List of Roles

application/json

Schema

Schema

Array [
idstring
The id of the Role. This field must be left null when creating an Role, otherwise a 400 Bad Request error will result.
Example: 2c918086749d78830174a1a40e121518
namestringrequired
The human-readable display name of the Role
Possible values: <= 128 characters
Example: Role 2567
createddate-time
Date the Role was created
Example: 2021-03-01T22:32:58.104Z
modifieddate-time
Date the Role was last modified.
Example: 2021-03-02T20:22:28.104Z
descriptionstringnullable
A human-readable description of the Role
Example: Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.
owner objectrequired
The owner of this object.
typestring
Owner type. This field must be either left null or set to 'IDENTITY' on input, otherwise a 400 Bad Request error will result.
Possible values: [IDENTITY]
Example: IDENTITY
idstring
Identity id
Example: 2c9180a46faadee4016fb4e018c20639
namestring
Human-readable display name of the owner. It may be left null or omitted in a POST or PATCH. If set, it must match the current value of the owner's display name, otherwise a 400 Bad Request error will result.
Example: support
accessProfiles object[]nullable
Array [
idstring
ID of the Access Profile
Example: ff808081751e6e129f1518161919ecca
typestring
Type of requested object. This field must be either left null or set to 'ACCESS_PROFILE' when creating an Access Profile, otherwise a 400 Bad Request error will result.
Possible values: [ACCESS_PROFILE]
Example: ACCESS_PROFILE
namestring
Human-readable display name of the Access Profile. This field is ignored on input.
Example: Access Profile 2567
]
entitlements object[]
Array [
typestring
Entitlement's DTO type.
Possible values: [ENTITLEMENT]
Example: ENTITLEMENT
idstring
Entitlement's ID.
Example: 2c91809773dee32014e13e122092014e
namestringnullable
Entitlement's display name.
Example: CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local
]
membership objectnullable
When present, specifies that the Role is to be granted to Identities which either satisfy specific criteria or which are members of a given list of Identities.
typestring
This enum characterizes the type of a Role's membership selector. Only the following two are fully supported:
STANDARD: Indicates that Role membership is defined in terms of a criteria expression
IDENTITY_LIST: Indicates that Role membership is conferred on the specific identities listed
Possible values: [STANDARD, IDENTITY_LIST]
Example: IDENTITY_LIST
criteria objectnullable
Defines STANDARD type Role membership
operationstring
An operation
Possible values: [EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, ENDS_WITH, AND, OR]
Example: EQUALS
key objectnullable
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
typestringrequired
Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.
Possible values: [IDENTITY, ACCOUNT, ENTITLEMENT]
Example: ACCOUNT
propertystringrequired
The name of the attribute or entitlement to which the associated criteria applies.
Example: attribute.email
sourceIdstringnullable
ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
Example: 2c9180867427f3a301745aec18211519
stringValuestringnullable
String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.
Example: carlee.cert1c9f9b6fd@mailinator.com
children object[]nullable
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
Array [
operationstring
An operation
Possible values: [EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, ENDS_WITH, AND, OR]
Example: EQUALS
key objectnullable
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
typestringrequired
Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.
Possible values: [IDENTITY, ACCOUNT, ENTITLEMENT]
Example: ACCOUNT
propertystringrequired
The name of the attribute or entitlement to which the associated criteria applies.
Example: attribute.email
sourceIdstringnullable
ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
Example: 2c9180867427f3a301745aec18211519
stringValuestringnullable
String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.
Example: carlee.cert1c9f9b6fd@mailinator.com
children object[]nullable
Array of child criteria. Required if the operation is AND or OR, otherwise it must be left null. A maximum of three levels of criteria are supported, including leaf nodes. Additionally, AND nodes can only be children or OR nodes and vice-versa.
Array [
operationstring
An operation
Possible values: [EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, ENDS_WITH, AND, OR]
Example: EQUALS
key objectnullable
Refers to a specific Identity attribute, Account attibute, or Entitlement used in Role membership criteria
typestringrequired
Indicates whether the associated criteria represents an expression on identity attributes, account attributes, or entitlements, respectively.
Possible values: [IDENTITY, ACCOUNT, ENTITLEMENT]
Example: ACCOUNT
propertystringrequired
The name of the attribute or entitlement to which the associated criteria applies.
Example: attribute.email
sourceIdstringnullable
ID of the Source from which an account attribute or entitlement is drawn. Required if type is ACCOUNT or ENTITLEMENT
Example: 2c9180867427f3a301745aec18211519
stringValuestring
String value to test the Identity attribute, Account attribute, or Entitlement specified in the key w/r/t the specified operation. If this criteria is a leaf node, that is, if the operation is one of EQUALS, NOT_EQUALS, CONTAINS, STARTS_WITH, or ENDS_WITH, this field is required. Otherwise, specifying it is an error.
Example: carlee.cert1c9f9b6fd@mailinator.com
]
]
identities object[]nullable
Defines role membership as being exclusive to the specified Identities, when type is IDENTITY_LIST.
Array [
typestringnullable
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, MACHINE_IDENTITY, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY, WORKGROUP]
Example: IDENTITY
idstring
Identity id
Example: 2c9180a46faadee4016fb4e018c20639
namestringnullable
Human-readable display name of the Identity.
Example: Thomas Edison
aliasNamestringnullable
User name of the Identity
Example: t.edison
]
legacyMembershipInfo objectnullable
This field is not directly modifiable and is generally expected to be null. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.
property name*anynullable
This field is not directly modifiable and is generally expected to be null. In very rare instances, some Roles may have been created using membership selection criteria that are no longer fully supported. While these Roles will still work, they should be migrated to STANDARD or IDENTITY_LIST selection criteria. This field exists for informational purposes as an aid to such migration.
Example: {"type":"IDENTITY_LIST"}
enabledboolean
Whether the Role is enabled or not.
Default value: false
Example: true
requestableboolean
Whether the Role can be the target of access requests.
Default value: false
Example: true
accessRequestConfig object
commentsRequiredbooleannullable
Whether the requester of the containing object must provide comments justifying the request
Default value: false
Example: true
denialCommentsRequiredbooleannullable
Whether an approver must provide comments when denying the request
Default value: false
Example: true
approvalSchemes object[]
List describing the steps in approving the request
Array [
approverTypestring
Describes the individual or group that is responsible for an approval step. Values are as follows.
OWNER: Owner of the associated Role
MANAGER: Manager of the Identity making the request
GOVERNANCE_GROUP: A Governance Group, the ID of which is specified by the approverId field
Possible values: [OWNER, MANAGER, GOVERNANCE_GROUP]
Example: GOVERNANCE_GROUP
approverIdstringnullable
Id of the specific approver, used only when approverType is GOVERNANCE_GROUP
Example: 46c79819-a69f-49a2-becb-12c971ae66c6
]
revocationRequestConfig object
commentsRequiredbooleannullable
Whether the requester of the containing object must provide comments justifying the request
Default value: false
Example: false
denialCommentsRequiredbooleannullable
Whether an approver must provide comments when denying the request
Default value: false
Example: false
approvalSchemes object[]
List describing the steps in approving the revocation request
Array [
approverTypestring
Describes the individual or group that is responsible for an approval step. Values are as follows.
OWNER: Owner of the associated Role
MANAGER: Manager of the Identity making the request
GOVERNANCE_GROUP: A Governance Group, the ID of which is specified by the approverId field
Possible values: [OWNER, MANAGER, GOVERNANCE_GROUP]
Example: GOVERNANCE_GROUP
approverIdstringnullable
Id of the specific approver, used only when approverType is GOVERNANCE_GROUP
Example: 46c79819-a69f-49a2-becb-12c971ae66c6
]
segmentsstring[]nullable
List of IDs of segments, if any, to which this Role is assigned.
Example: ["f7b1b8a3-5fed-4fd4-ad29-82014e137e19","29cb6c06-1da8-43ea-8be4-b3125f248f2a"]
dimensionalbooleannullable
Whether the Role is dimensional.
Default value: false
dimensionRefs object[]nullable
List of references to dimensions to which this Role is assigned. This field is only relevant if the Role is dimensional.
Array [
typestring
The type of the object to which this reference applies
Possible values: [DIMENSION]
Example: DIMENSION
idstring
ID of the object to which this reference applies
Example: 2c91808568c529c60168cca6f90c1313
namestring
Human-readable display name of the object to which this reference applies
Example: Role 2
]
accessModelMetadata object
attributes object[]nullable
Array [
keystring
Technical name of the Attribute. This is unique and cannot be changed after creation.
Example: iscPrivacy
namestring
The display name of the key.
Example: Privacy
multiselectboolean
Indicates whether the attribute can have multiple values.
Default value: false
Example: false
statusstring
The status of the Attribute.
Example: active
typestring
The type of the Attribute. This can be either "custom" or "governance".
Example: governance
objectTypesstring[]nullable
An array of object types this attributes values can be applied to. Possible values are "all" or "entitlement". Value "all" means this attribute can be used with all object types that are supported.
Example: ["entitlement"]
descriptionstring
The description of the Attribute.
Example: Specifies the level of privacy associated with an access item.
values object[]nullable
Array [
valuestring
Technical name of the Attribute value. This is unique and cannot be changed after creation.
Example: public
namestring
The display name of the Attribute value.
Example: Public
statusstring
The status of the Attribute value.
Example: active
]
]
]

Example (auto)

[
  {
    "id": "2c918086749d78830174a1a40e121518",
    "name": "Role 2567",
    "created": "2021-03-01T22:32:58.104Z",
    "modified": "2021-03-02T20:22:28.104Z",
    "description": "Urna amet cursus pellentesque nisl orci maximus lorem nisl euismod fusce morbi placerat adipiscing maecenas nisi tristique et metus et lacus sed morbi nunc nisl maximus magna arcu varius sollicitudin elementum enim maecenas nisi id ipsum tempus fusce diam ipsum tortor.",
    "owner": {
      "type": "IDENTITY",
      "id": "2c9180a46faadee4016fb4e018c20639",
      "name": "support"
    },
    "accessProfiles": [
      {
        "id": "ff808081751e6e129f1518161919ecca",
        "type": "ACCESS_PROFILE",
        "name": "Access Profile 2567"
      }
    ],
    "entitlements": [
      {
        "type": "ENTITLEMENT",
        "id": "2c91809773dee32014e13e122092014e",
        "name": "CN=entitlement.490efde5,OU=OrgCo,OU=ServiceDept,DC=HQAD,DC=local"
      }
    ],
    "membership": {
      "type": "IDENTITY_LIST",
      "criteria": {
        "operation": "EQUALS",
        "key": {
          "type": "ACCOUNT",
          "property": "attribute.email",
          "sourceId": "2c9180867427f3a301745aec18211519"
        },
        "stringValue": "carlee.cert1c9f9b6fd@mailinator.com",
        "children": [
          {
            "operation": "EQUALS",
            "key": {
              "type": "ACCOUNT",
              "property": "attribute.email",
              "sourceId": "2c9180867427f3a301745aec18211519"
            },
            "stringValue": "carlee.cert1c9f9b6fd@mailinator.com",
            "children": [
              {
                "operation": "EQUALS",
                "key": {
                  "type": "ACCOUNT",
                  "property": "attribute.email",
                  "sourceId": "2c9180867427f3a301745aec18211519"
                },
                "stringValue": "carlee.cert1c9f9b6fd@mailinator.com"
              }
            ]
          }
        ]
      },
      "identities": [
        {
          "type": "IDENTITY",
          "id": "2c9180a46faadee4016fb4e018c20639",
          "name": "Thomas Edison",
          "aliasName": "t.edison"
        }
      ]
    },
    "legacyMembershipInfo": {
      "type": "IDENTITY_LIST"
    },
    "enabled": true,
    "requestable": true,
    "accessRequestConfig": {
      "commentsRequired": true,
      "denialCommentsRequired": true,
      "approvalSchemes": [
        {
          "approverType": "GOVERNANCE_GROUP",
          "approverId": "46c79819-a69f-49a2-becb-12c971ae66c6"
        }
      ]
    },
    "revocationRequestConfig": {
      "commentsRequired": false,
      "denialCommentsRequired": false,
      "approvalSchemes": [
        {
          "approverType": "GOVERNANCE_GROUP",
          "approverId": "46c79819-a69f-49a2-becb-12c971ae66c6"
        }
      ]
    },
    "segments": [
      "f7b1b8a3-5fed-4fd4-ad29-82014e137e19",
      "29cb6c06-1da8-43ea-8be4-b3125f248f2a"
    ],
    "dimensional": false,
    "dimensionRefs": [
      {
        "type": "DIMENSION",
        "id": "2c91808568c529c60168cca6f90c1313",
        "name": "Role 2"
      }
    ],
    "accessModelMetadata": {
      "attributes": [
        {
          "key": "iscPrivacy",
          "name": "Privacy",
          "multiselect": false,
          "status": "active",
          "type": "governance",
          "objectTypes": [
            "all"
          ],
          "description": "Specifies the level of privacy associated with an access item.",
          "values": [
            {
              "value": "public",
              "name": "Public",
              "status": "active"
            }
          ]
        }
      ]
    }
  }
]

400

Client Error - Returned if the request body is invalid.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

401

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

Schema

Schema

error
A message describing the error
Example: JWT validation failed: JWT is expired

Example (auto)

{
  "error": "JWT validation failed: JWT is expired"
}

403

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

403

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

429

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

Schema

Schema

message
A message describing the error
Example: Rate Limit Exceeded

Example (auto)

{
  "message": " Rate Limit Exceeded "
}

500

Internal Server Error - Returned if there is an unexpected error.

application/json

Schema

Schema

detailCodestring
Fine-grained error code providing more detail of the error.
Example: 400.1 Bad Request Content
trackingIdstring
Unique tracking id for the error.
Example: e7eab60924f64aa284175b9fa3309599
messages object[]
Generic localized reason for error
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]
causes object[]
Plain-text descriptive reasons to provide additional detail to the text provided in the messages field
Array [
localestringnullable
The locale for the message text, a BCP 47 language tag.
Example: en-US
localeOriginstringnullable
An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.
Possible values: [DEFAULT, REQUEST, null]
Example: DEFAULT
textstring
Actual text of the error message in the indicated locale.
Example: The request was syntactically correct but its content is semantically invalid.
]

Example (auto)

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

500

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Authorization: oauth2

type: Personal Access Token
scopes: idn:role-unchecked:read, idn:role-unchecked:manage, idn:role-checked:manage, idn:role-checked:read
user levels: ORG_ADMIN, ROLE_ADMIN, ROLE_SUBADMIN

• go
• powershell
  SailPoint SDK
• python
  SailPoint SDK
• csharp
• curl
• dart
• http
• java
• javascript
• kotlin
• c
• nodejs
• objective-c
• ocaml
• php
• r
• ruby
• rust
• shell
• swift

• NATIVE

package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "https://sailpoint.api.identitynow.com/v2024/roles"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Accept", "application/json")
  req.Header.Add("Authorization", "Bearer <TOKEN>")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}

Request Collapse all

Base URL

https://sailpoint.api.identitynow.com/v2024

Auth

Bearer Token

Parameters

for-subadmin — query

limit — query

offset — query

count — query

---truefalse

filters — query

sorters — query

for-segment-ids — query

include-unsegmented — query

---truefalse

ResponseClear

Click the Send API Request button above and see the response here!