Rules
The following are the Autonomous Identity rules endpoints:
GET /api/rules/info
List information and statistics regarding available rules. [Ent Owner, App Owner, Admin]
Endpoint
/api/rules/info
Authorization
<Bearer Token JWT-value>
Params
by: enttowner, appOwner
user: patrick.murphy
Example Request
    curl --request GET "https://autoid-api.forgerock.com/api/rules/info?by=appOwner&user=patrick.murphy" \
      --header "Authorization: Bearer <token value>" \
      --header "Content-Type: application/json"
Example Response
    {
      "countRules": 0,
      "countAssignments": 0,
      "countApplications": 0,
      "applications": [
        {
          "app_id": "string",
          "app_name": "string",
          "countAssignments": 0,
          "low": 0,
          "medium": 0,
          "high": 0
        }
      ]
    }
GET /api/rules
List the available rules for a user [Ent Owner, App Owner, Admin]. You can filter by time period by using greater than and/or less than date-times.
Endpoint
/api/rules/
Authorization
<Bearer Token JWT-value> OR <API-KEY>
Query Parameters

| Parameter | Type | Description |
|---|---|---|
| by | string | User type to apply when searching rules: enttOwner, appOwner |
| user | string | User ID when applying by filters (required if using "by") |
| cursor | string | Position to start a 2+ page list. |
| pageSize | number | Number of records per page to retrieve. |
| filter | filter object | Additional filters to apply (see properties below). |
Filter Query Object Properties

| Parameter | Type | Description |
|---|---|---|
| lowConfidence | boolean | Low confidence scores only. |
| medConfidence | boolean | Medium confidence scores only. |
| highConfidence | boolean | High confidence scores only. |
| app_id | string array | Array of application IDs. |
| autoCertify | boolean | Auto-certified only. |
| autoRequest | boolean | Auto-requested only. |
| entitlement | string | Entitlement ID |
| datasinkStatus | string | Datasink status filter ('ack' or 'nack') |
| timestampThresholds | object | Timestamp threshold object (available properties below) |
timestampThresholds Object Properties

| Parameter | Type | Description |
|---|---|---|
| gt | string | Greater than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gte. |
| gte | string | Greater than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with gt. |
| lt | string | Less than timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with lte. |
| lte | string | Less than or equal timestamp (format: yyyy-mm-ddThh:mm:ss.SSSZ). Cannot be present with lt. |
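A client can check a timestampThresholds object against the constraints above before sending it. The following is an added example, not ForgeRock code: the function names are hypothetical, and the check that the lower bound precedes the upper bound is a local assumption rather than a documented server rule.

```python
import re
from datetime import datetime

# Format from the table above: yyyy-mm-ddThh:mm:ss.SSSZ (exactly three fractional digits).
TS_SHAPE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3}Z")
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%fZ"
ALLOWED = ("gt", "gte", "lt", "lte")
EXCLUSIVE = (("gt", "gte"), ("lt", "lte"))  # pairs the table says cannot coexist


def parse_ts(value):
    """Parse one threshold; raise ValueError if it is not in the documented format."""
    if not isinstance(value, str) or not TS_SHAPE.fullmatch(value):
        raise ValueError(f"not in yyyy-mm-ddThh:mm:ss.SSSZ form: {value!r}")
    return datetime.strptime(value, TS_FORMAT)  # also rejects impossible dates


def validate_thresholds(thresholds):
    """Return a list of problems; an empty list means the object can be sent."""
    problems = []
    unknown = sorted(set(thresholds) - set(ALLOWED))
    if unknown:
        problems.append(f"unknown keys: {unknown}")
    for a, b in EXCLUSIVE:
        if a in thresholds and b in thresholds:
            problems.append(f"{a} cannot be present with {b}")
    parsed = {}
    for key in ALLOWED:
        if key in thresholds:
            try:
                parsed[key] = parse_ts(thresholds[key])
            except ValueError as exc:
                problems.append(f"{key}: {exc}")
    lower = parsed.get("gt") or parsed.get("gte")
    upper = parsed.get("lt") or parsed.get("lte")
    # Assumption (local sanity check, not a documented server rule): reject empty windows.
    if lower and upper and lower >= upper:
        problems.append("lower bound is not before upper bound")
    return problems


if __name__ == "__main__":
    # Constructed inputs: a valid window, then a gt/gte conflict with a malformed value.
    print(validate_thresholds({"gte": "2021-10-01T00:00:00.000Z", "lt": "2021-11-01T00:00:00.000Z"}))
    print(validate_thresholds({"gt": "2021-10-01T00:00:00.000Z", "gte": "2021-10-01"}))
```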
Example Request (Datasink status filter)
    curl -k -X GET \
      'datasinkStatus=ack' \
      -H 'Authorization: Bearer <token value>' <OR> -H 'X-API-KEY: <api-key-value>' \
      -H 'Content-Type: application/json'
Example Response (Datasink status filter)
    {
      "cursor": null,
      "totalRulesCount": 1,
      "rules": [
        {
          "entitlement": {
            "ent_id": "Cognos EDI Reporting",
            "ent_owner_id": "david.elliott",
            "ent_criticality": "Essential",
            "ent_risk_level": "High",
            "ent_name": "Cognos EDI Reporting",
            "app_id": "SAP"
          },
          "app": {
            "app_criticality": "Essential",
            "app_name": "SAP",
            "app_owner_id": "derick.hui",
            "app_risk_level": "High",
            "app_id": "SAP"
          },
          "justification": [
            { "id": "CHIEF_YES_NO", "title": "Chief?", "value": "No" },
            { "id": "MANAGER_NAME", "title": "Manager_Name", "value": "Patrick Gardner" },
            { "id": "USR_EMP_TYPE", "title": "Employee Type", "value": "Employee" },
            { "id": "USR_DEPARTMENT_NAME", "title": "User department Name", "value": "General Office" }
          ],
          "rawJustification": [
            "0C_CHIEF_YES_NO_No",
            "0C_MANAGER_NAME_Patrick Gardner",
            "0C_USR_EMP_TYPE_Employee",
            "13_USR_DEPARTMENT_NAME_General Office"
          ],
          "assignees": [
            { "id": "gordon.choy", "name": "Gordon Choy" },
            { "id": "jennifer.kanenaga", "name": "Jennifer Kanenaga" },
            { "id": "lawrence.nicholls", "name": "Lawrence Nicholls" },
            { "id": "roel.dilag", "name": "Roel Dilag" },
            { "id": "salvatore.taormina", "name": "Salvatore Taormina" }
          ],
          "confidence": 1,
          "countUnassigned": 0,
          "countAssigned": 5,
          "isAutoCertify": true,
          "autoCertifyDate": "2021-10-01T19:01:31.567Z",
          "isAutoRequest": true,
          "autoRequestDate": "2021-10-01T19:01:31.567Z",
          "approvalAuthor": { "id": "bob.rodgers", "name": "Bob Rodgers" },
          "requestApprovalReason": "Test",
          "certifyApprovalReason": "Test",
          "datasink_status": "ack"
        }
      ]
    }
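The response carries enough detail to review which rules have automation switched on, by whom, and with what stated reason. The following is an added example, not ForgeRock code: the function name, the review criteria and the "Low" risk value in the sample are assumptions chosen for illustration, and the sample data is constructed.

```python
# Constructed sample shaped like the /api/rules response; only the fields used below.
SAMPLE = {"cursor": None, "totalRulesCount": 3, "rules": [
    {"entitlement": {"ent_id": "ENT_A", "ent_risk_level": "High", "app_id": "APP_1"},
     "app": {"app_id": "APP_1", "app_risk_level": "High"},
     "confidence": 1, "countAssigned": 5, "isAutoCertify": True, "isAutoRequest": False,
     "approvalAuthor": {"id": "user.one"}, "certifyApprovalReason": "Test"},
    {"entitlement": {"ent_id": "ENT_B", "ent_risk_level": "Low", "app_id": "APP_2"},
     "app": {"app_id": "APP_2", "app_risk_level": "Low"},
     "confidence": 0.4, "countAssigned": 2, "isAutoCertify": False, "isAutoRequest": True},
    {"entitlement": {"ent_id": "ENT_C", "ent_risk_level": "High", "app_id": "APP_1"},
     "app": {"app_id": "APP_1", "app_risk_level": "High"},
     "confidence": 0.9, "countAssigned": 7, "isAutoCertify": False, "isAutoRequest": False},
]}


def review_rules(response):
    """Return one finding per automated rule that deserves a manual look."""
    findings = []
    for rule in response.get("rules", []):
        ent, app = rule.get("entitlement", {}), rule.get("app", {})
        automated = [label for label, flag in (("auto-certify", "isAutoCertify"),
                                               ("auto-request", "isAutoRequest"))
                     if rule.get(flag) is True]
        if not automated:
            continue  # nothing is granted or certified without a human decision
        approver = (rule.get("approvalAuthor") or {}).get("id")
        reasons = []
        if "High" in (ent.get("ent_risk_level"), app.get("app_risk_level")):
            reasons.append("high-risk entitlement or application")
        if not approver:
            reasons.append("no approvalAuthor recorded")
        if rule.get("isAutoCertify") and not rule.get("certifyApprovalReason"):
            reasons.append("auto-certify without a reason")
        if rule.get("isAutoRequest") and not rule.get("requestApprovalReason"):
            reasons.append("auto-request without a reason")
        if reasons:
            findings.append({"entitlement": ent.get("ent_id"), "app": app.get("app_id"),
                             "automation": automated, "approver": approver,
                             "assigned": rule.get("countAssigned"), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review_rules(SAMPLE):
        print(finding)
```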
POST /api/rules/decision
Update rule decisions. [Supervisor, Ent Owner, App Owner, Admin]
Endpoint
/api/rules/decision
Authorization
<Bearer Token JWT-value>
Request Body Parameters

| Parameter | Type | Description |
|---|---|---|
| rules | array of rules objects | List of rules affected by the decision (available properties listed below) (required) |
| is_autocertify | boolean | Auto-Certification decision (required) |
| is_autorequest | boolean | Auto-Request decision (required) |
| autocertify_reason | string | Auto-Certification reason (required) |
| autorequest_reason | string | Auto-Request reason (required) |
| datasink_status | string | Datasink status ('ack' or 'nack') |
Rule Object Properties

| Parameter | Type | Description |
|---|---|---|
| entitlement | string | Entitlement ID (required) |
| justification | string array | List of raw justifications (required) |
Body
    {
      "rules": [
        {
          "entitlement": "string",
          "justification": [
            "string"
          ]
        }
      ],
      "is_autocertify": true,
      "is_autorequest": true,
      "autocertify_reason": "string",
      "autorequest_reason": "string"
    }
Example Request
    curl -k -X POST \
      'https://autoid-ui.forgerock.com/api/rules/decisions' \
      -H 'Authorization: Bearer <token value>' \
      -H 'Content-Type: application/json' \
      -d '{
        "rules": [
          {
            "entitlement": "Ent_1",
            "justification": [
              "0C_CHIEF_YES_NO_Yes",
              "0C_JOBCODE_NAME_Service Representitive II",
              "0C_MANAGER_NAME_John_Doe",
              "0C_USR_EMP_TYPE_Non-Employee"
            ]
          }
        ],
        "is_autocertify": true,
        "is_autorequest": false,
        "autocertify_reason": "Goodbye, world.",
        "autorequest_reason": "Hello, world."
      }'
Example Response
Status 204: No Content