Requestable Objects List

GET /requestable-objects

This endpoint returns a list of acccess items that that can be requested through the Access Request endpoints. Access items are marked with AVAILABLE, PENDING or ASSIGNED with respect to the identity provided using identity-id query param. Any authenticated token can call this endpoint to see their requestable access items. A token with ORG_ADMIN authority is required to call this endpoint to return a list of all of the requestable access items for the org or for another identity.

Request

Query Parameters

identity-id string

If present, the value returns only requestable objects for the specified identity.

Admin users can call this with any identity ID value.
Non-admin users can only specify me or pass their own identity ID value.
If absent, returns a list of all requestable objects for the tenant. Only admin users can make such a call. In this case, the available, pending, assigned accesses will not be annotated in the result.

Example: e7eab60924f64aa284175b9fa3309599

types RequestableObjectType[]

Possible values: [ACCESS_PROFILE, ROLE, ENTITLEMENT]

Filters the results to the specified type/types, where each type is one of ROLE or ACCESS_PROFILE. If absent, all types are returned. Support for additional types may be added in the future without notice.

Example: ROLE,ACCESS_PROFILE

term string

It allows searching requestable access items with a partial match on the name or description. If term is provided, then the filter query parameter will be ignored.

Example: Finance Role

statuses RequestableObjectRequestStatus[]

Possible values: [AVAILABLE, PENDING, ASSIGNED, null]

Filters the result to the specified status/statuses, where each status is one of AVAILABLE, ASSIGNED, or PENDING. It is an error to specify this parameter without also specifying an identity-id parameter. Additional statuses may be added in the future without notice.

Example: [ASSIGNED, PENDING]

limit int32

Possible values: <= 250

Default value: 250

Max number of results to return. See V3 API Standard Collection Parameters for more information.

Example: 250

offset int32

Offset into the full result set. Usually specified with limit to paginate through the results. See V3 API Standard Collection Parameters for more information.

Example: 0

count boolean

If true it will populate the X-Total-Count response header with the number of results that would be returned if limit and offset were ignored.

Since requesting a total count can have a performance impact, it is recommended not to send count=true if that value will not be used.

See V3 API Standard Collection Parameters for more information.

Example: true

filters string

Filter results using the standard syntax described in V3 API Standard Collection Parameters

Filtering is supported for the following fields and operators:

id: eq, in

name: eq, in, sw

Example: name sw "bob"

sorters comma-separated

Sort results using the standard syntax described in V3 API Standard Collection Parameters

Sorting is supported for the following fields: name

Example: name

Responses

List of requestable objects

application/json

Schema
Example (from schema)

Schema

Array [

id string

Id of the requestable object itself

name string

Human-readable display name of the requestable object

created date-time

The time when the requestable object was created

modified date-timenullable

The time when the requestable object was last modified

description stringnullable

Description of the requestable object.

type RequestableObjectType

Possible values: [ACCESS_PROFILE, ROLE, ENTITLEMENT]

The currently supported requestable object types.

requestStatus objectnullable

Status indicating the ability of an access request for the object to be made by or on behalf of the identity specified by identity-id. AVAILABLE indicates the object is available to request. PENDING indicates the object is unavailable because the identity has a pending request in flight. ASSIGNED indicates the object is unavailable because the identity already has the indicated role or access profile. If identity-id is not specified (allowed only for admin users), then status will be AVAILABLE for all results.

identityRequestId stringnullable

If requestStatus is PENDING, indicates the id of the associated account activity.

ownerRef objectnullable

type string

The type can only be IDENTITY. This is read-only

id string

Identity id.

name string

Human-readable display name of identity. This is read-only

email string

Email address of identity. This is read-only

requestCommentsRequired boolean

Whether the requester must provide comments when requesting the object.

]

[
  {
    "id": "2c9180835d2e5168015d32f890ca1581",
    "name": "Applied Research Access",
    "created": "2017-07-11T18:45:37.098Z",
    "modified": "2018-06-25T20:22:28.104Z",
    "description": "Access to research information, lab results, and schematics.",
    "type": "ACCESS_PROFILE",
    "requestStatus": "AVAILABLE",
    "identityRequestId": null,
    "ownerRef": {
      "type": "IDENTITY",
      "id": "5168015d32f890ca15812c9180835d2e",
      "name": "Alison Ferguso",
      "email": "[email protected]"
    },
    "requestCommentsRequired": false
  }
]

Client Error - Returned if the request body is invalid.

application/json

Schema
Example (from schema)

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOriginnullable

Possible values: [DEFAULT, REQUEST, null]

An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

text string

Actual text of the error message in the indicated locale.

]

causes object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOriginnullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

Schema
Example (from schema)

Schema

error

A message describing the error

{
  "error": "JWT validation failed: JWT is expired"
}

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

Schema
Example (from schema)
403

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOriginnullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOriginnullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

Schema
Example (from schema)

Schema

message

A message describing the error

{
  "message": " Rate Limit Exceeded "
}

Internal Server Error - Returned if there is an unexpected error.

application/json

Schema
Example (from schema)
500

Schema

detailCode string

Fine-grained error code providing more detail of the error.

trackingId string

Unique tracking id for the error.

messages object[]

Generic localized reason for error

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOriginnullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

causes object[]

Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

Array [

locale stringnullable

The locale for the message text, a BCP 47 language tag.

localeOrigin LocaleOriginnullable

Possible values: [DEFAULT, REQUEST, null]

text string

Actual text of the error message in the indicated locale.

]

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Requestable Objects List