--- title: Entitlements description: The following are Ping Autonomous Identity filtering by entitlements endpoints: component: autonomous-identity version: 2022.11.12 page_id: autonomous-identity:api-guide:chap-entitlements-api canonical_url: https://docs.pingidentity.com/autonomous-identity/2022.11.12/api-guide/chap-entitlements-api.html section_ids: get_apientitlementssearch: GET /api/entitlements/search post_apientitlementsstats: POST /api/entitlements/stats get_apientitlementsidid: GET /api/entitlements/id/{id} get_apientitlementsunscored: GET /api/entitlements/unscored api-entitlements-distinct: GET /api/entitlements/distinct api-entitlements-recommendations: GET /api/entitlements/recommendations --- # Entitlements The following are Ping Autonomous Identity filtering by entitlements endpoints: ## GET /api/entitlements/search * GET /api/entitlements/search Search for entitlements by name and with applied filters. \[Ent Owner, App Owner, Admin] Endpoint ``` /api/entitlements/search?q=QueryString ``` Authorization ``` ``` Params ``` by appOwner or enttOwner user user ID q Search query string (required) appId Application ID to use as a filter ``` Example Request ``` curl --location --request GET 'https://autoid-api.forgerock.com/api/entitlements/search?by=enttOwner&user=john.doe&q=WEB&appId=Salesforce' \ --header 'Content-Type: application/json' ``` Example Response ``` { "values": [ { "id": "string", "app_id": "string", "app_name": "string", "entt_name": "string" } ] } ``` ## POST /api/entitlements/stats * POST /api/entitlements/stats Get data for entitlements view. \[Supervisor, Ent Owner, Admin] Endpoint ``` /api/entitlements/stats?by=supervisor/entitlementOwner/admin ``` Authorization ``` ``` Params ``` by supervisor, roleOwner ``` Body ``` { "ownerId": "timothy.slack", "isHighRiskOnly": true, "isMediumLowRiskOnly": false, "isUserEntitlementsIncluded": true, "filters": [{ "type": "app_id", "group": "criticality", "value": "Essential" }] } ``` Example Request ``` curl --location --request POST 'https://autoid-api.forgerock.com/api/entitlements/stats?by=supervisor' \ --header 'content-type: application/json' \ --data-raw '{ "ownerId": "timothy.slack", "isHighRiskOnly": true, "isMediumLowRiskOnly": false, "isUserEntitlementsIncluded": true, "filters": [{ "type": "app_id", "group": "criticality", "value": "Essential" }] }' ``` Example Response ``` { "total_entitlements": 0, "total_subordinates": 0, "unscoredEntitlements": 0, "scoredEntitlements": 0, "usersWithNoEntitlement": 0, "usersWithNoScoredEntitlement": 0, "distinct_apps": [ { "app_id": "string", "app_name": "string", "low": 0, "medium": 0, "high": 0 } ], "users": [ { "user": "string", "user_name": "string", "high": 0, "medium": 0, "low": 0, "avg": "string" } ], "entitlements": [ { "entitlement": "string", "entitlement_name": "string", "app_id": "string", "high_risk": "string", "high": 0, "medium": 0, "low": 0, "avg": "string" } ] } ``` ## GET /api/entitlements/id/{id} * GET /api/entitlements/id/{id} Get entitlement details. \[User, Supervisor, Ent Owner, App Owner, Admin] Endpoint ``` /api/entitlements/id/{id+} ``` Authorization ``` ``` Params ``` by entitlement ID ``` Example Request ``` curl --request GET "https://autoid-api.forgerock.com/api/entitlements/id/1234" \ --header "Content-Type: application/json" ``` Example Response ``` { "entitlement_name": "string", "scores": { "avg": 0, "high": 0, "medium": 0, "low": 0 }, "drivingFactors": [ { "attribute": { "id": "string", "title": "string", "value": "string" }, "count": 0 } ], "userScores": [ { "score": 0, "count": 0 } ], "users": [ { "user": "string", "user_name": "string", "app_id": "string", "freq": 0, "frequnion": 0, "justification": [ { "title": "string", "value": "string" } ], "rawJustification": [ "string" ], "score": 0 } ] } ``` ## GET /api/entitlements/unscored * GET /api/entitlements/unscored Get unscored entitlements and users for a given Supervisor or Entitlement Owner ID. \[Supervisor, Ent Owner, Admin] Endpoint ``` /api/entitlements/unscored ``` Authorization ``` ``` Params ``` by supervisor, entitlement owner user supervisor or entitlement owner user ID ``` Example Request ``` curl --request GET "https://autoid-api.forgerock.com/api/entitlements/unscored?by=supervisor&user=1234" \ --header "Content-Type: application/json" ``` ## GET /api/entitlements/distinct * GET /api/entitlements/distinct Get a list of all entitlements. Endpoint ``` /api/entitlements/distinct ``` Authorization ``` ``` Example Request ``` curl --location --request GET 'https://autoid-api.forgerock.com/api/entitlements/distinct' \ --header 'Content-Type: application/json' \ --header 'Authorization: Bearer ' ``` Example Response ``` [ { "ent_id": "AccessType : XMLP_ADMIN", "ent_name": "AccessType : XMLP_ADMIN", "ent_owner_id": "julie.yee", "app_id": "Salesforce", "ent_criticality": "Non-Essential", "ent_risk_level": "Medium" } ] ``` ## GET /api/entitlements/recommendations * GET /api/entitlements/recommendations Get a list of entitlement recommendations for a given set of user attributes. Endpoint ``` /api/entitlements/recommendations ``` Authorization ``` ``` Body ``` { "confidenceThreshold": 0.1, "maxResults": 1000, "offset": 200, "userAttributes": [ "0E_USR_MANAGER_ID_gregory.suhr", "13_USR_DEPARTMENT_NAME_Facilities Area A", "0C_CHIEF_YES_NO_No", "0C_MANAGER_NAME_Gregory Suhr", "0C_USR_EMP_TYPE_Employee", "13_USR_DEPARTMENT_NAME_Wireless Operations" ] } ``` Example Request ``` curl --request GET "https://autoid-api.forgerock.com/api/entitlements/recommendations" \ --header "Content-Type: application/json" \ --header "Authorization: Bearer " \ --data-raw '{ "confidenceThreshold": 0.1, "maxResults": 1000, "offset": 200, "userAttributes": [ "0E_USR_MANAGER_ID_gregory.suhr", "13_USR_DEPARTMENT_NAME_Facilities Area A", "0C_CHIEF_YES_NO_No", "0C_MANAGER_NAME_Gregory Suhr", "0C_USR_EMP_TYPE_Employee", "13_USR_DEPARTMENT_NAME_Wireless Operations" ] }' ``` Example Response ``` [ { "attributes": [ "0C_CHIEF_YES_NO_No", "0E_USR_MANAGER_ID_gregory.suhr" ], "entitlement": "06_ENT_ID_WEB_user_WEB RCQ Flare NonIT Distribution_II", "confidence": 0.14, "frequency": 22 }, { "attributes": [ "0C_MANAGER_NAME_Gregory Suhr", "13_USR_DEPARTMENT_NAME_Facilities Area A" ], "entitlement": "06_ENT_ID_Web_tildeNon-security plus", "confidence": 0.14, "frequency": 28 }, ] ```