Access Control
The following are Autonomous Identity access control endpoints (Updated APIs in this release are marked with ):
GET /api/userDetails/decisions
- GET /api/userDetails/decisions
-
Get the current entitlement decisions for the user. [Supervisor, Ent Owner, App Owner, Admin]
Endpoint
/api/userDetails/decisions
Authorization
<Bearer Token JWT-value> OR <API-KEY>
Param
user=john.doe
Query Parameters Parameter Type Description user
string
User ID (required)
filter
object
Filter to add (single property shown below)
Filter Query Object Properties Parameter Type Description datasinkStatus
string
Datasink status filter ('ack' or 'nack')
timestampThresholds
Timestamp threshold object
timestampThresholds Object Properties Parameter Type Description gt
string
Greater than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gte.
gte
string
Greater than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gt.
lt
string
Less than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with lte.
lte
string
Less than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with le.
Example Request (DatasinkStatus Filter)
curl -k -X GET \ 'datasinkStatus=nack' \ -H 'Authorization: Bearer <token value>' \ <or> -H 'X-API-KEY: <api key value>' \ -H 'Content-Type: application/json'
Example Response (DatasinkStatus Filter)
{ "decisions": [ { "user": "john.doe", "entitlement": "ent_1", "is_certified": false, "is_revoked": false, "is_processed": false, "is_archived": false, "author": "jane.smith", "author_name": "Jane Smith", "author_type": "Zoran Admin", "reason": null, "last_updated": "2022-01-11T19:48:17.195Z", "datasink_status": "nack", "usr_name": "John Doe", "ent_name": "Entitlement 1", "app_id": "Gateway", "app_name": "Gateway", "usr_manager_id": "john.smith", "conf": 0.75, "freq": 4, "freqUnion": 3 } ] }
POST /api/userDetails/decisions
- POST /api/userDetails/decisions
-
Update entitlement decisions for users. [Supervisor, Ent Owner, App Owner, Admin]
Endpoint
/api/userDetails/decisions
Authorization
<Bearer Token JWT-value> OR <API-KEY>
Request Body Parameters Parameter Type Description assignments
array of assignment objects
List of assignments affected by the decision (available properties listed below)(required)
is_certified
boolean
Certification decision
is_revoked
boolean
Revoke decision
is_requested
boolean
Decision is processed
reason
string
Reason for decision
datasink_status
string
Datasink status ('ack' or 'nack')
Assignments Object Properties Parameter Type Description user
string
User ID (required)
entitlements
string array
List of entitlement ID’s (required)
Body
{ "assignments": [ { "user": "string", "entitlements": [ "string" ] } ], "is_certified": true, "is_revoked": true, "is_requested": true, "is_processed": true, "reason": "string", "datasink_status": "nack" }
Example Request
curl --request POST "https://autoid-api.forgerock.com/api/userDetails/decisions" \ -H "accept: /" -H "Content-Type: application/json" \ --data-raw '{ "assignments": [ { "user": "string", "entitlements": [ "string" ] } ], "is_certified": true, "is_revoked": true, "is_requested": true, "is_processed": true, "reason": "string", "datasink_status": "nack" }'
Example Response
{ "status": 200 }
POST /api/rules/decision
- POST /api/rules/decision
-
Update rule decisions. [Supervisor, Ent Owner, App Owner, Admin]
Endpoint
/api/rules/decision
Authorization
<Bearer Token JWT-value>
Request Body Parameters Parameter Type Description rules
array of rules objects
List of rules affected by the decision (available properties listed below)(required)
is_autocertify
boolean
Auto-Certification decision (required)
is_autorequest
boolean
Auto-Request decision (required)
autocertify_reason
boolean
Auto-Certification reason (required)
autorequest_reason
boolean
Auto-Request reason (required)
datasink_status
string
Datasink status ('ack' or 'nack')
Rule Object Properties Parameter Type Description entitlement
string
Entitlement ID (required)
justification
string array
List of raw justifications (required)
Body
{ "rules": [ { "entitlement": "string", "justification": [ "string" ] } ], "is_autocertify": true, "is_autorequest": true, "autocertify_reason": "string", "autorequest_reason": "string" }
Example Request
curl -k -X POST \ "https://autoid-api.forgerock.com/api/rules/decision" \ -H 'Authorization: Bearer <token-value>' \ -H "accept: /" -H "Content-Type: application/json" \ --data-raw '{ "rules": [ { "entitlement": "Ent_1", "justification": [ "0C_CHIEF_YES_NO_Yes", "0C_JOBCODE_NAME_Service Representitive II", "0C_MANAGER_NAME_John_Doe", "0C_USR_EMP_TYPE_Non-Employee" ] } ], "is_autocertify": true, "is_autorequest": false, "autocertify_reason": "Goodbye, world.", "autorequest_reason": "Hello, world." }'
Example Response
Status 204: No Content