Access Request
The following are Identity Governance API Access Request endpoints:
access-request/user
Requests against the /user endpoint
- GET Get User
-
Allows end users to query against user population
Endpoint
{{idmRoot}}/access-request/user?queryString=johnHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
queryString John _fields _pageSize _pagedResultsOffser _sortKeys
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/user?queryString=John' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - GET Get Visible Requestees
-
Retrieves the list of user IDs that the authenticated user is allowed to see access for (themselves and their direct reports)
Endpoint
{{+idmRoot}}/access-request/user/requesteesHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_fields _pageSize _pagedResultsOffser _sortKeys
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/user/requestees' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - GET Get User BY Id
-
Allow end-users to query a specific user.
Endpoint
{{idmRoot}}/access-request/user/{{targetUserId}}Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonExample Request
curl --location -g --request GET '{{idmRoot}}/access-request/user/{{targetUserId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json'
access-request/item
Requests against the /item endpoint
- GET Get Item
-
Allows end users to query individual items.
Endpoint
{{idmRoot}}/access-request/item?queryString=AdminHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
queryString Admin _fields _pageSize _pagedResultsOffser _sortKeys
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/item?queryString=Admin' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - GET Get Item By Id
-
Allows end users to query a specific item.
Endpoint
{{idmRoot}}/access-request/{{itemId}}Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonExample Request
curl --location -g --request GET '{{idmRoot}}/access-request/item/{{itemId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - POST Get Request Fields For Item
-
Given a glossary item ID, return the fields that can be submitted with a request for that item.
Endpoint
{{idmRoot}}/access-request/item/fields/{{itemId}}Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonBody raw
{}Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/item/fields/{{itemId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{}' - POST Get Request Fields For Items
-
Given a list of glossary item IDs, return the fields that can be submitted with a request for those items.
Endpoint
{{idmRoot}}/access-request/item/fieldsHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonBody raw
{ "itemIds": [ "e7997f97-cd00-4f16-b566-01879185eb2e", "c336c6a5-da19-4078-8ba5-3a297c605564" ] }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/item/fields' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "itemIds": [ "e7997f97-cd00-4f16-b566-01879185eb2e", "c336c6a5-da19-4078-8ba5-3a297c605564" ] }'
access-request/bundle
Requests against the /bundle endpoint.
- GET Get Bundle
-
Allows end users to query requestable bundles.
Endpoint
{{idmRoot}}/access-request/bundle?queryString=AdminHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
queryString Admin _fields _pageSize _pagedResultsOffser _sortKeys
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/bundle?queryString=Admin' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - GET Get Bundle By Id
-
Allows end users to query a specific requestable bundle.
Endpoint
**{{idmRoot}}/access-request/bundle/{{bundleId}}Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonExample Request
curl --location -g --request GET '{{idmRoot}}/access-request/bundle/{{bundleId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - POST Create Bundle
-
Allows end users to query a specific requestable bundle.
Endpoint
**{{idmRoot}}/access-request/bundle/{{bundleId}}Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonBody raw
{ "name": "Administrator Bundle", "description": "Collection of administrator roles", "class": "requestable-item-bundle", "constraints": {}, "itemIds": [ "{{itemId}}", "{{itemId2}}" ] }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/bundle' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "name": "Administrator Bundle", "description": "Collection of administrator roles", "class": "requestable-item-bundle", "constraints": {}, "itemIds": [ "{{itemId}}", "{{itemId2}}" ] }' - POST Update Bundle
-
Update an existing bundle definition.
Endpoint
**{{idmRoot}}/access-request/bundle/{{bundleId}}?_action=updateHeaders
X-OpenIDM-Username {{arAdminUsername}} X-OpenIDM-Password {{arAdminPassword}} Content-Type application/jsonParams Body raw
_action update
Body raw
{ "_id": "{{bundleId}}", "name": "Administrator Bundle", "description": "Collection of administrator roles", "class": "requestable-item-bundle", "constraints": {}, "itemIds": [ "{{itemId}}", "{{itemId2}}" ] }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/bundle/{{bundleId}}?_action=update' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "_id": "{{bundleId}}", "name": "Administrator Bundle", "description": "Collection of administrator roles", "class": "requestable-item-bundle", "constraints": {}, "itemIds": [ "{{itemId}}", "{{itemId2}}" ] }' - DEL Delete Bundle
-
Allows end users to delete a specific requestable bundle.
Endpoint
**{{idmRoot}}/access-request/bundle/{{bundleId}}Headers
X-OpenIDM-Username {{arAdminUsername}} X-OpenIDM-Password {{arAdminPassword}} Content-Type application/jsonBody raw
{}Example Request
curl --location -g --request DELETE '{{idmRoot}}/access-request/bundle/{{bundleId}}' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{}'
access-request/requestFields
Requests against the /requestFields endpoint.
- GET Get Request Fields
-
Query for defined request fields that can be assigned to any requestable item.
Endpoint
{{idmRoot}}/access-request/requestFields?pageSize=10&pageNumber=0Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
pageSize 10 pageNumber 0 sortBy q (filter term) name (match name property)
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/requestFields?pageSize=10&pageNumber=0' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' - POST Create Request Field
-
Create a request field that can be assigned to any requestable item.
Endpoint
{{idmRoot}}/access-request/requestFields?_action=createHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action create
Body raw
{ "name": "Justification", "description": "Reason for requesting this access", "inputType": "text", "required": true }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/requestFields?_action=create' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "name": "Justification", "description": "Reason for requesting this access", "inputType": "text", "required": true }' - POST Create Request Field - 2
-
Create a request field that can be assigned to any requestable item.
Endpoint
{{idmRoot}}/access-request/requestFields?_action=createHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action create
Body raw
{ "name": "Location", "description": "Choose the location at which you are working", "inputType": "radio", "inputOptions": [ "New York", "Miami" ], "required": true }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/requestFields?_action=create' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "name": "Location", "description": "Choose the location at which you are working", "inputType": "radio", "inputOptions": [ "New York", "Miami" ], "required": true }' - POST Update Request Field
-
Update a request field that can be assigned to any requestable item.
Endpoint
{{idmRoot}}/access-request/requestFields//{{requestfieldid}}?_action=updateHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action update
Body raw
{ "name": "Justification", "description": "Reason for requesting this access", "inputType": "text", "required": true }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/requestFields/{{requestfieldid}}?_action=update' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "name": "Justification", "description": "Reason for requesting this access", "inputType": "text", "required": true }' - POST Delete Request Field
-
Delete a request field that can be assigned to any requestable item.
Endpoint
{{idmRoot}}/access-request/requestFields//{{requestfieldid}}?_action=updateHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action delete
Body raw
{ "fieldIds": [ "{{requestfieldid}}" ] }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/requestFields?_action=delete' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "fieldIds": [ "{{requestfieldid}}" ] }'
access-request/requestable
Requests against the /requestable endpoint.
- GET Get Requestable Item
-
Query requestable item (item or bundle) by its ID.
Endpoint
{{idmRoot}}/access-request/requestable/{{itemId}}Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonExample Request
curl --location -g --request GET '{{idmRoot}}/access-request/requestable/{{itemId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - GET Get Requestable Items
-
Query requestable items (item or bundle).
Endpoint
{{idmRoot}}/access-request/requestableHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
userId Check the requestable item’s against the user to see if they are assigned to them.
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/requestable' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json'
access-request/approval
Requests against the /approval endpoint.
- GET Get Approval
-
Get an approval task its ID.
Endpoint
{{idmRoot}}/access-request/approval/{{approvalTaskId}}Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonExample Request
curl --location -g --request GET '{{idmRoot}}/access-request/approval/{{approvalTaskId}}' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - GET Get Approvals
-
Get approval tasks assigned to user.
Endpoint
{{idmRoot}}/access-request/approval?pageSize=10&pageNumber=0Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
pageSize 10 pageNumber 0 _fields sortBy requesteeId requesterId itemId id
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/approval?pageSize=10&pageNumber=0' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - GET Get Approval Count
-
Get current number of active approval tasks assigned to user.
Endpoint
{{idmRoot}}/access-request/approval?getResultCount=trueHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_fields sortBy requesteeId requesterId itemId getResultCount true
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/approval?getResultCount=true' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - GET Get Approvals - Admin
-
Get approval tasks, as administrator.
Endpoint
{{idmRoot}}/access-request/approval?pageSize=10&pageNumber=0Headers
X-OpenIDM-Username {{arAdminUsername}} X-OpenIDM-Password {{arAdminPassword}} Content-Type application/jsonParams
pageSize 10 pageNumber 0 _fields sortBy approverId requesterId requesteeId itemId id
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/approval/admin?pageSize=10&pageNumber=0' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' - POST Create Approval Task
-
Manually create an approval task. For use within custom workflows.
Endpoint
{{idmRoot}}/access-request/requestFields//{{requestFieldId}}?_action=updateHeaders
X-OpenIDM-Username {{arAdminUsername}} X-OpenIDM-Password {{arAdminPassword}} Content-Type application/jsonBody raw
{ "requestId": "{{requestId}}", "itemIds":[ "{{itemId}}" ], "approverId": "{{approverId}}", "workflowTaskId": "{{workflowTaskId}}" }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/requestFields?_action=delete' \ curl --location -g --request POST '{{idmRoot}}/access-request/approval' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "requestId": "{{requestId}}", "itemIds":[ "{{itemId}}" ], "approverId": "{{approverId}}", "workflowTaskId": "{{workflowTaskId}}" }' - POST Get Autonomous Identity Recommendations For Use
-
Queries Autonomous Identity to get recommendations for entitlements for the given user.
Endpoint
{{idmRoot}}/access-request/approval?_action=getRecommendationsHeaders
X-OpenIDM-Username {{arAdminUsername}} X-OpenIDM-Password {{arAdminPassword}} Content-Type application/jsonParams
_action getRecommendations
Body raw
{ "userId": "{{requestId}}", "entitlements":[ "{{itemId}}" ] }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/approval?_action=getRecommendations' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "userId": "{{requestId}}", "entitlements":[ "{{itemId}}" ] }' - GET Get Approval Repository Object
-
Directly read an approval task from the repository. Also, supports PUT and DELETE operations.
Endpoint
{{idmRoot}}/repo/governance/approvalTask/ {{approvalTaskId}}Headers
X-OpenIDM-Username {{idmAdminUsername}} X-OpenIDM-Password {{idmAdminPassword}} Content-Type application/jsonExample Request
curl --location -g --request GET '{{idmRoot}}/repo/governance/approvalTask/{{approvalTaskId}}' \ --header 'X-OpenIDM-Username: {{idmAdminUsername}}' \ --header 'X-OpenIDM-Password: {{idmAdminPassword}}' \ --header 'Content-Type: application/json' - GET Query Approval Repository Objects
-
Query the repository objects for approval tasks directly.
Endpoint
{{idmRoot}}/repo/governance/approvalTask?_queryFilter=trueHeaders
X-OpenIDM-Username {{idmAdminUsername}} X-OpenIDM-Password {{idmAdminPassword}} Content-Type application/jsonExample Request
_queryFilter true
Example Request
curl --location -g --request GET '{{idmRoot}}/repo/governance/approvalTask?_queryFilter=true' \ --header 'X-OpenIDM-Username: {{idmAdminUsername}}' \ --header 'X-OpenIDM-Password: {{idmAdminPassword}}' \ --header 'Content-Type: application/json'
access-request/request
Requests against the /request endpoint.
- POST Cancel Request(s)
-
As an access request adminstrator, requester, or requestee, cancel the requests provided.
Endpoint
{{idmRoot}}/access-request/request?_action=cancelHeaders
X-OpenIDM-Username {{arAdminUsername}} X-OpenIDM-Password {{arAdminPassword}} Content-Type application/jsonParams
_action cancel
Body raw
{ "requestIds": [ "{{requestId}}" ] }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=cancel' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "requestIds": [ "{{requestId}}" ] }' - POST Create Request
-
Create a request for access.
Endpoint
{{idmRoot}}/access-request/requestHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonBody raw
{ "userIds":[ "1sasdaf97-cd00-4f16-b566-01879185eb2e" ], "items":[ { "itemId":"{{itemId}}", "requestType":"add", "fields": { } } ], "comment": "Comment" }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "userIds":[ "1sasdaf97-cd00-4f16-b566-01879185eb2e" ], "items":[ { "itemId":"{{itemId}}", "requestType":"add", "fields": { } } ], "comment": "Comment" }' - POST Create Request Policy Check
-
Given a create request payload, check whether the request would result in any policy violations.
Endpoint
{{idmRoot}}/access-request/request/policyHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonBody raw
{ "userIds":[ "222" ], "items":[ { "itemId":"managed/role/2007", "requestType":"add" } ] }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request/policy' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "userIds":[ "222" ], "items":[ { "itemId":"managed/role/2007", "requestType":"add" } ] }' - GET Get Requests
-
Get requests for the user.
Endpoint
{{idmRoot}}/access-request/request?status=active&pageSize=10&pageNumber=0Headers
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
status active pageSize 10 pageNumber 0 sortBy approverId requesteeId requesterId itemId id
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/request?status=active&pageSize=10&pageNumber=0' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - GET Get Requests - Admin
-
Get requests as an administrator.
Endpoint
{{idmRoot}}/access-request/request/admin?status=active&pageSize=10&pageNumbeHeaders
X-OpenIDM-Username {{arAdminUsername}} X-OpenIDM-Password {{arAdminPassword}} Content-Type application/jsonParams
status active pageSize 10 pageNumber 0 sortBy approverId requesteeId requesterId itemId id
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/request/admin?status=active&pageSize=10&pageNumber=' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' - GET Get Request
-
Get requests by ID..
Endpoint
{{idmRoot}}/access-request/request/{{requestId}}Headers
X-OpenIDM-Username {{arAdminUsername}} X-OpenIDM-Password {{arAdminPassword}} Content-Type application/jsonExample Request
curl --location -g --request GET '{{idmRoot}}/access-request/request/{{requestId}}' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' - GET Get Request Repository Object
-
Read a request object directly from the repository. Also, supports PUT and DELETE operations.
Endpoint
{{idmRoot}}/repo/governance/request?_queryFilter=trueHeaders
X-OpenIDM-Username {{idmAdminUsername}} X-OpenIDM-Password {{idmAdminPassword}} Content-Type application/jsonParams
_queryFilter true
Example Request
curl --location -g --request GET '{{idmRoot}}/repo/governance/request?_queryFilter=true' \ --header 'X-OpenIDM-Username: {{idmAdminUsername}}' \ --header 'X-OpenIDM-Password: {{idmAdminPassword}}' \ --header 'Content-Type: application/json' - GET Query Request Repository Objects
-
Query repository for request objects directly.
Endpoint
{{idmRoot}}/repo/governance/request?_queryFilter=trueHeaders
X-OpenIDM-Username {{idmAdminUsername}} X-OpenIDM-Password {{idmAdminPassword}} Content-Type application/jsonParams
_queryFilter true
Example Request
curl --location -g --request GET '{{idmRoot}}/repo/governance/request?_queryFilter=true' \ --header 'X-OpenIDM-Username: {{idmAdminUsername}}' \ --header 'X-OpenIDM-Password: {{idmAdminPassword}}' \ --header 'Content-Type: application/json' - POST Reassign Approval Task
-
Reassign a task to a new user/group
Endpoint
{{idmRoot}}/access-request/request?_action=reassignHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action reassign
Body raw
{ "approvalIds": [ "{{approvalTaskId}}" ], "newApproverId": "managed/user/211" }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=reassign' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "approvalIds": [ "{{approvalTaskId}}" ], "newApproverId": "managed/user/211" }' - POST Consult Approval Task
-
Add a consulting user/group to the approval task
Endpoint
{{idmRoot}}/access-request/request?_action=consultHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action consult
Body raw
{ "approvalIds": [ "{{approvalTaskId}}" ], "consultId": "managed/user/235" }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=consult' \ --header 'X-OpenIDM-Username: {{endUserPassword}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "approvalIds": [ "{{approvalTaskId}}" ], "consultId": "managed/user/235" }' - POST Cancel Consult Approval Task
-
Cancel a consulting user/group to the approval task
Endpoint
{{idmRoot}}/access-request/request?_action=cancelconsultHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action cancelconsult
Body raw
{ "approvalIds": [ "{{approvalTaskId}}" ] }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=cancelconsult' \ --header 'X-OpenIDM-Username: {{endUserPassword}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "approvalIds": [ "{{approvalTaskId}}" ] }' - POST Upload File To Request
-
Upload file to a given request. Optionally provide itemIds within the request that the file are specific to.
Endpoint
{{idmRoot}}/access-request/request?_action=uploadHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action upload
Body raw
{ "requestId": "{{requestId}}", "itemIds": [ "{{itemId}}" ], "fileName": "report.pdf", "fileType": "text/plain", "content": "dGhpcyBpcyBhIGZpbGU=" }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=upload' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "requestId": "{{requestId}}", "itemIds": [ "{{itemId}}" ], "fileName": "report.pdf", "fileType": "text/plain", "content": "dGhpcyBpcyBhIGZpbGU=" }' - GET Download File From Request
-
Download a file from a request given a request ID and file name.
Endpoint
{{idmRoot}}/access-request/request/download?fileName&requestIdHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
fileName Name of file requestId ID of request file is attached to
Example Request
curl --location -g --request GET '{{idmRoot}}/access-request/request/download?fileName=&requestId=' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' - POST Download File From Request
-
Download a file from a given request
Endpoint
{{idmRoot}}/access-request/request?_action=downloadHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action download
Body raw
{ "requestId": "{{requestId}}", "fileName": "report.pdf" }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=download' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "requestId": "{{requestId}}", "fileName": "report.pdf" }' - POST Delete File From Request
-
Remove a file from a given request
Endpoint
{{idmRoot}}/access-request/request?_action=removeFileHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action removeFile
Body raw
{ "requestId": "{{requestId}}", "fileName": "report.pdf" }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=removeFile' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "requestId": "{{requestId}}", "fileName": "report.pdf" }' - POST Comment on Request
-
Comment on a request. Optionally provide the specific items within the request that this comment will apply to.
Endpoint
{{idmRoot}}/access-request/request?_action=commentHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action removeFile
Body raw
{ "requestId": "{{requestId}}", "itemIds": [ "{{itemId}}" ], "comment": "Comment", "isHidden": false }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=comment' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "requestId": "{{requestId}}", "itemIds": [ "{{itemId}}" ], "comment": "Comment", "isHidden": false }' - POST Complete Approval Task
-
Complete an approval task as the approver. This endpoint with action 'complete' requires individual item decisions to be included in the request body.
Endpoint
{{idmRoot}}/access-request/request/approval?_action=completeHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action complete
Body raw
{ "approvalId": "{{approvalTaskId}}", "approvalData": [ { "itemId": "{{itemId}}", "outcome": "approved" } ] }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request/approval?_action=complete' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "approvalId": "{{approvalTaskId}}", "approvalData": [ { "itemId": "{{itemId}}", "outcome": "approved" } ] }' - POST Complete Approval Task - Approval All
-
Complete an approval task as the approver. This endpoint with action 'complete' requires individual item decisions to be included in the request body.
Endpoint
{{idmRoot}}/access-request/request/approval?_action=approvedHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action approval
Body raw
{ "approvalId": "{{approvalTaskId}}", "comment": "Comment" }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request/approval?_action=approved' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "approvalId": "{{approvalTaskId}}", "comment": "Comment" }' - POST Complete Approval Task - Reject All
-
Complete an approval task, rejecting all of the task’s items.
Endpoint
{{idmRoot}}/access-request/request/approval?_action=rejectedHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action rejected
Body raw
{ "approvalId": "{{approvalTaskId}}", "comment": "Comment" }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request/approval?_action=rejected' \ --header 'X-OpenIDM-Username: {{endUserUsername}}' \ --header 'X-OpenIDM-Password: {{endUserPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "approvalId": "{{approvalTaskId}}", "comment": "Comment" }' - POST Update Request’s Items
-
Complete an approval task, rejecting all of the task’s items.
Endpoint
{{idmRoot}}/access-request/request/{{requestId}}?_action=asdasdHeaders
X-OpenIDM-Username {{endUserUsername}} X-OpenIDM-Password {{endUserPassword}} Content-Type application/jsonParams
_action asdasd
Body raw
{ "items": [ { "itemId": "40b83cb6-1749-48eb-9c89-2a3b1fae71ab", "fields": [], "timesApproved": 2, "outcome": "provisioned" } ] }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/request/{{requestId}}?_action=asdasd' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "items": [ { "itemId": "40b83cb6-1749-48eb-9c89-2a3b1fae71ab", "fields": [], "timesApproved": 2, "outcome": "provisioned" } ] }'
access-request/notification
Requests against the /notification endpoint.
- POST Send Notification
-
As an access request administrator, send any of the defined Request notifications. To be used within custom workflows if notifications need to be sent at a certain juncture.
Endpoint
{{idmRoot}}/access-request/notification/APPROVAL_TASK_CREATED/{{approvalTaskId}}Headers
X-OpenIDM-Username {{arAdminUsername}} X-OpenIDM-Password {{arAdminPassword}} Content-Type application/jsonBody raw
{}Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/notification/APPROVAL_TASK_CREATED/{{approvalTaskId}}' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{}'
access-request/provision
Requests against the /provision endpoint.
- POST Provision Access From Request
-
As an access request administrator, send any of the defined Request notifications. To be used within custom workflows if notifications need to be sent at a certain juncture.
Endpoint
{{idmRoot}}/access-request/provisionHeaders
X-OpenIDM-Username {{arAdminUsername}} X-OpenIDM-Password {{arAdminPassword}} Content-Type application/jsonBody raw
{ "requestId": "{{requestId}}", "itemId": "{{itemId}}", "requestType": "add" }Example Request
curl --location -g --request POST '{{idmRoot}}/access-request/provision' \ --header 'X-OpenIDM-Username: {{arAdminUsername}}' \ --header 'X-OpenIDM-Password: {{arAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "requestId": "{{requestId}}", "itemId": "{{itemId}}", "requestType": "add" }'
commons/glossary
Requests against the commons/glossary endpoint.
- GET Get Workflow Definitions
-
Query IDM for the available workflow definitions. Used for front-end forms.
Endpoint
{{idmRoot}}/commons/workflowHeaders
X-OpenIDM-Username {{idmAdminUsername}} X-OpenIDM-Password {{idmAdminPassword}} Content-Type application/jsonExample Request
curl --location -g --request GET '{{idmRoot}}/commons/workflow' \ --header 'X-OpenIDM-Username: {{idmAdminUsername}}' \ --header 'X-OpenIDM-Password: {{idmAdminPassword}}' \ --header 'Content-Type: application/json' - GET Get Glossary Entry By ID
-
Read a specific glossary entry.
Endpoint
{{idmRoot}}/commons/glossary/{{glossaryEntryId}}Headers
X-OpenIDM-Username {{glossaryAdminUsername}} X-OpenIDM-Password {{glossaryAdminPassword}} Content-Type application/jsonExample Request
curl --location -g --request GET '{{idmRoot}}/commons/glossary/{{glossaryEntryId}}' \ --header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \ --header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \ --header 'Content-Type: application/json' - DEL Delete Glossary Entry By ID
-
Delete a specific glossary entry.
Endpoint
{{idmRoot}}/commons/glossary/{{glossaryEntryId}}Headers
X-OpenIDM-Username {{glossaryAdminUsername}} X-OpenIDM-Password {{glossaryAdminPassword}} Content-Type application/jsonBody raw
{ "userId": "c336c6a5-da19-4078-8ba5-3a297c605564", "attributes": [ { "attribute": "roles", "value": "managed/role/2007", "action": "add" } ] }Example Request
curl --location -g --request DELETE '{{idmRoot}}/commons/glossary/{{glossaryEntryId}}' \ --header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \ --header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "userId": "c336c6a5-da19-4078-8ba5-3a297c605564", "attributes": [ { "attribute": "roles", "value": "managed/role/2007", "action": "add" } ] }' - POST Update Glossary Entry
-
Update a specific glossary entry.
Endpoint
{{idmRoot}}/commons/glossary/{{glossaryEntryId}}?_action=updateHeaders
X-OpenIDM-Username {{glossaryAdminUsername}} X-OpenIDM-Password {{glossaryAdminPassword}} Content-Type application/jsonParams
_action update
Body raw
{ "_rev": "2", "requestable": true, "approvers": [ "manager", "entitlementOwner" ], "displayName": "Cloud Infrastructure Approver!", "description": "Grants user access required for Cloud Infrastructure Approver", "objectId": "managed/role/2070", "riskLevel": 1, "constraints": { "riskLevel": { "type": "integer" }, "highRiskApprover": { "type": "managed object id" }, "description": { "type": "string" }, "entitlementOwner": { "type": "managed object id" }, "approvers": { "type": "array" }, "requestable": { "type": "boolean" } }, "class": "object", "entitlementOwner": "managed/role/2070", "order": [] }Example Request
curl --location -g --request POST '{{idmRoot}}/commons/glossary/{{glossaryEntryId}}?_action=update' \ --header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \ --header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "_rev": "2", "requestable": true, "approvers": [ "manager", "entitlementOwner" ], "displayName": "Cloud Infrastructure Approver!", "description": "Grants user access required for Cloud Infrastructure Approver", "objectId": "managed/role/2070", "riskLevel": 1, "constraints": { "riskLevel": { "type": "integer" }, "highRiskApprover": { "type": "managed object id" }, "description": { "type": "string" }, "entitlementOwner": { "type": "managed object id" }, "approvers": { "type": "array" }, "requestable": { "type": "boolean" } }, "class": "object", "entitlementOwner": "managed/role/2070", "order": [] }' - POST Create Glossary Entry
-
Create a new glossary entry.
Endpoint
{{idmRoot}}/commons/glossary?_action=createHeaders
X-OpenIDM-Username {{glossaryAdminUsername}} X-OpenIDM-Password {{glossaryAdminPassword}} Content-Type** application/jsonParams
_action create
Body raw
{ "class":"identity-value", "constraints":{ "_id":{ "type":"id" }, "_rev":{ }, "class":{ "type":"string" }, "constraints":{ "type":"object" }, "attributeName":{ "type":"string" }, "attributeValue":{ }, "requestFields":{ "type":"array" }, "description":{ "type":"string" } }, "attributeName":"jobCode", "attributeValue":"B456", "requestFields":[ ], "description":"Marketing job code" }Example Request
curl --location -g --request POST '{{idmRoot}}/commons/glossary?_action=create' \ --header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \ --header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "class":"identity-value", "constraints":{ "_id":{ "type":"id" }, "_rev":{ }, "class":{ "type":"string" }, "constraints":{ "type":"object" }, "attributeName":{ "type":"string" }, "attributeValue":{ }, "requestFields":{ "type":"array" }, "description":{ "type":"string" } }, "attributeName":"jobCode", "attributeValue":"B456", "requestFields":[ ], "description":"Marketing job code" }' - GET Query Glossary Entries
-
Query entries in the governance glossary
Endpoint
{{idmRoot}}/commons/glossaryHeaders
X-OpenIDM-Username {{glossaryAdminUsername}} X-OpenIDM-Password {{glossaryAdminPassword}} Content-Type application/jsonParams
queryFilter
Example Request
curl --location -g --request GET '{{idmRoot}}/commons/glossary' \ --header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \ --header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \ --header 'Content-Type: application/json' - POST Create Glossary Entry
-
Create a new glossary entry.
Endpoint
{{idmRoot}}/commons/glossary?_action=createHeaders
X-OpenIDM-Username {{glossaryAdminUsername}} X-OpenIDM-Password {{glossaryAdminPassword}} Content-Type application/jsonParams
_action create
Body raw
{ "class":"identity-value", "constraints":{ "_id":{ "type":"id" }, "_rev":{ }, "class":{ "type":"string" }, "constraints":{ "type":"object" }, "attributeName":{ "type":"string" }, "attributeValue":{ }, "requestFields":{ "type":"array" }, "description":{ "type":"string" } }, "attributeName":"jobCode", "attributeValue":"B456", "requestFields":[ ], "description":"Marketing job code" }Example Request
curl --location -g --request POST '{{idmRoot}}/commons/glossary?_action=create' \ --header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \ --header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \ --header 'Content-Type: application/json' \ --data-raw '{ "class":"identity-value", "constraints":{ "_id":{ "type":"id" }, "_rev":{ }, "class":{ "type":"string" }, "constraints":{ "type":"object" }, "attributeName":{ "type":"string" }, "attributeValue":{ }, "requestFields":{ "type":"array" }, "description":{ "type":"string" } }, "attributeName":"jobCode", "attributeValue":"B456", "requestFields":[ ], "description":"Marketing job code" }' - GET Query Glossary Entries
-
Query entries in the governance glossary
Endpoint
{{idmRoot}}/commons/glossaryHeaders
X-OpenIDM-Username {{glossaryAdminUsername}} X-OpenIDM-Password {{glossaryAdminPassword}} Content-Type application/jsonParams
queryFilter
Example Request
curl --location -g --request GET '{{idmRoot}}/commons/glossary' \ --header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \ --header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \ --header 'Content-Type: application/json' - POST Check User Update Against Policies
-
Given a userId and a list of attribute changes (in the format of attribute, value, and action), check the system’s active policies against the user if their access was changed via the list of attribute changes.
| This is an Access Review endpoint, available with the release of Access Request 2.0 |
+
Endpoint
{{idmRoot}}/governance/policyScan?_action=check
+
Headers
X-OpenIDM-Username {{reviewAdminUsername}}
X-OpenIDM-Password {{reviewAdminPassword}}
Content-Type application/json
+
Params
_action check
+
Body raw
{
"userId": "c336c6a5-da19-4078-8ba5-3a297c605564",
"attributes": [
{
"attribute": "roles",
"value": "managed/role/2007",
"action": "add"
}
]
}
+
Example Request
curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=check' \
--header 'X-OpenIDM-Username: {{reviewAdminUsername}}' \
--header 'X-OpenIDM-Password: {{reviewAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
"userId": "c336c6a5-da19-4078-8ba5-3a297c605564",
"attributes": [
{
"attribute": "roles",
"value": "managed/role/2007",
"action": "add"
}
]
}'