API
Learn how to use the SailPoint CLI to make generic API calls in this guide.
The api command makes it easy to call SailPoint APIs and parse the results using JSONPath queries if needed.
Get Requests
Run this command to get a list of transforms using the v2025 API:
sail api get /v2025/transforms
You can filter the results using the --jsonpath flag, or -j for short. The following command returns just the names of the transforms:
sail api get /v2025/transforms --jsonpath "$.*.name"
For better readability, you can pretty-print the response using the --pretty flag, or -p for short:
sail api get /v2025/transforms --jsonpath "$.*.name" --pretty
Headers
To include headers with your API call, such as when calling an experimental endpoint, use the --headers or -H flag:
sail api get /v2025/entitlements/ -H "X-SailPoint-Experimental:true"
Query Parameters
Use the --query or -q flag to provide query parameters.
Query parameters may need to be escaped depending on their use.
For example, run this command to retrieve a list of entitlements owned by a specific identity:
sail api get /v2025/entitlements -q filters="owner.id eq \"<identity-id>\"" -H "X-SailPoint-Experimental:true"
Multiple Query Parameters
The --query flag can be used multiple times to provide additional query parameters.
Use the following command to return a single entitlement owned by a specific identity:
sail api get /v2025/entitlements -q filters="owner.id eq \"<identity-id>\"" -q limit=1 -H "X-SailPoint-Experimental:true"
Post Requests
Use the post subcommand to create resources.
Run the following command to create a basic transform, passing the request body as a string:
sail api post /v2025/transforms --body '{"name":"ToLowerCase","type":"lower","attributes":{}}'
Alternatively, use the --body-file or -f flag to provide the request body from a file:
sail api post /v2025/transforms --file-body ./transform.json
Patch Requests
Use the patch subcommand to update resources.
Run the following command to update the owner of an access profile:
sail api patch /v2025/access-profiles/<access-profile-id> --body '[{"op":"replace","path":"/owner/id","value":"<identity-id>"}]'
Put Requests
Run this command to replace a transform object using the v2025 API:
sail api put /v2025/transforms/<transform-id> --body '{"name":"ToLowerCase","type":"lower","attributes":{}}'
Use the --body-file or -f flag to provide the body of the request via a file:
sail api put /v2025/transforms/<transform-id> --file-body ./updated-transform.json
Delete Requests
Use the delete subcommand to remove resources from Identity Security Cloud.
Run the following command to remove a transform from your tenant:
sail api delete /v2025/transforms/<transform-id>
Chaining commands together
You can combine the --jsonpath flag with tools like jq to chain commands and perform complex operations.
For example, the following script reassigns roles from one owner to another. It uses --jsonpath to extract the IDs of the roles owned by the source identity, then updates each role with the new owner using sail api patch.
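#!/bin/bash
# Reassign every role owned by identity <from> to identity <to>.
from=$1
to=$2
if [[ -z "$from" || -z "$to" ]]; then
  echo "Usage: $0 <from> <to>"
  exit 1
fi

# Collect the IDs of all roles owned by the source identity as a JSON array.
ids=$(sail api get /v2025/roles -q "filters=owner.id eq \"$from\"" --jsonpath '$.*.id')

# Replace the owner of each role with the target identity.
for id in $(echo "$ids" | jq -r '.[]'); do
  echo "Patching role ID: $id"
  sail api patch /v2025/roles/"$id" \
    --body "[{\"op\":\"replace\",\"path\":\"/owner/id\",\"value\":\"$to\"}]"
done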
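The script above places its two arguments directly into a filter expression and a JSON body, and it changes role ownership in bulk. The following is an added example, not part of the original guide or the SailPoint CLI: it validates the IDs before they reach either string and defaults to a dry run. The helper names, the DRY_RUN variable and the assumption that IDs are 32-character hex strings are hypothetical.

```shell
#!/bin/sh
# Added example: input checks and a dry-run mode for the role reassignment.
# Assumption: identity and role IDs are 32-character hex strings.

# Return 0 only if $1 is exactly 32 hex characters.
is_id() {
  [ "${#1}" -eq 32 ] || return 1
  case $1 in
    *[!0-9a-fA-F]*) return 1 ;;
  esac
}

# Print the filter expression for roles owned by identity $1.
owner_filter() {
  is_id "$1" || return 1
  printf 'filters=owner.id eq "%s"' "$1"
}

# Print the JSON Patch body that sets the owner to identity $1.
owner_patch_body() {
  is_id "$1" || return 1
  printf '[{"op":"replace","path":"/owner/id","value":"%s"}]' "$1"
}

# Reassign roles from $1 to $2. DRY_RUN defaults to 1: only print the plan.
reassign_roles() {
  filter=$(owner_filter "$1") || { echo "invalid source identity ID" >&2; return 2; }
  body=$(owner_patch_body "$2") || { echo "invalid target identity ID" >&2; return 2; }
  sail api get /v2025/roles -q "$filter" --jsonpath '$.*.id' | jq -r '.[]' |
  while IFS= read -r id; do
    # Never build a request path from a value that is not a plain ID.
    is_id "$id" || { echo "skipping unexpected ID: $id" >&2; continue; }
    if [ "${DRY_RUN:-1}" = 1 ]; then
      echo "would patch role $id"
    else
      sail api patch "/v2025/roles/$id" --body "$body"
    fi
  done
}

# Run only when called with two arguments: ./reassign.sh <from> <to>
if [ "$#" -eq 2 ]; then
  reassign_roles "$1" "$2"
fi
```

Review the dry-run output first, then rerun with DRY_RUN=0 to apply the changes.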