Access Request

The following are Identity Governance API Access Request endpoints:

access-request/user

Requests against the /user endpoint

GET Get User

Allows end users to query against user population

Endpoint

{{idmRoot}}/access-request/user?queryString=john

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password
{{endUserPassword}}
Content-Type            application/json

Params

queryString             John
_fields
_pageSize
_pagedResultsOffser
_sortKeys

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/user?queryString=John' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password:
{{endUserPassword}}' \
--header 'Content-Type: application/json'
GET Get Visible Requestees

Retrieves the list of user IDs that the authenticated user is allowed to see access for (themselves and their direct reports)

Endpoint

{{+idmRoot}}/access-request/user/requestees

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_fields
_pageSize
_pagedResultsOffser
_sortKeys

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/user/requestees' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
GET Get User BY Id

Allow end-users to query a specific user.

Endpoint

{{idmRoot}}/access-request/user/{{targetUserId}}

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password
{{endUserPassword}}
Content-Type            application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/user/{{targetUserId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'

access-request/item

Requests against the /item endpoint

GET Get Item

Allows end users to query individual items.

Endpoint

{{idmRoot}}/access-request/item?queryString=Admin

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}
Content-Type      application/json

Params

queryString             Admin
_fields
_pageSize
_pagedResultsOffser
_sortKeys

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/item?queryString=Admin' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
GET Get Item By Id

Allows end users to query a specific item.

Endpoint

{{idmRoot}}/access-request/{{itemId}}

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type              application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/item/{{itemId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
POST Get Request Fields For Item

Given a glossary item ID, return the fields that can be submitted with a request for that item.

Endpoint

{{idmRoot}}/access-request/item/fields/{{itemId}}

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Body raw

{}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/item/fields/{{itemId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{}'
POST Get Request Fields For Items

Given a list of glossary item IDs, return the fields that can be submitted with a request for those items.

Endpoint

{{idmRoot}}/access-request/item/fields

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Body raw

{
	"itemIds": [
		"e7997f97-cd00-4f16-b566-01879185eb2e",
		"c336c6a5-da19-4078-8ba5-3a297c605564"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/item/fields' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"itemIds": [
		"e7997f97-cd00-4f16-b566-01879185eb2e",
		"c336c6a5-da19-4078-8ba5-3a297c605564"
	]
}'

access-request/bundle

Requests against the /bundle endpoint.

GET Get Bundle

Allows end users to query requestable bundles.

Endpoint

{{idmRoot}}/access-request/bundle?queryString=Admin

Headers

X-OpenIDM-Username  {{endUserUsername}}
X-OpenIDM-Password  {{endUserPassword}}
Content-Type        application/json

Params

queryString         Admin
_fields
_pageSize
_pagedResultsOffser
_sortKeys

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/bundle?queryString=Admin' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
GET Get Bundle By Id

Allows end users to query a specific requestable bundle.

Endpoint

**{{idmRoot}}/access-request/bundle/{{bundleId}}

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/bundle/{{bundleId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
POST Create Bundle

Allows end users to query a specific requestable bundle.

Endpoint

**{{idmRoot}}/access-request/bundle/{{bundleId}}

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Body raw

{
	"name": "Administrator Bundle",
	"description": "Collection of administrator roles",
	"class": "requestable-item-bundle",
	"constraints": {},
	"itemIds": [
		"{{itemId}}",
		"{{itemId2}}"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/bundle' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"name": "Administrator Bundle",
	"description": "Collection of administrator roles",
	"class": "requestable-item-bundle",
	"constraints": {},
	"itemIds": [
		"{{itemId}}",
		"{{itemId2}}"
	]
}'
POST Update Bundle

Update an existing bundle definition.

Endpoint

**{{idmRoot}}/access-request/bundle/{{bundleId}}?_action=update

Headers

X-OpenIDM-Username      {{arAdminUsername}}
X-OpenIDM-Password      {{arAdminPassword}}
Content-Type            application/json

Params Body raw

_action             update

Body raw

{
	"_id": "{{bundleId}}",
	"name": "Administrator Bundle",
	"description": "Collection of administrator roles",
	"class": "requestable-item-bundle",
	"constraints": {},
	"itemIds": [
		"{{itemId}}",
		"{{itemId2}}"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/bundle/{{bundleId}}?_action=update' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"_id": "{{bundleId}}",
	"name": "Administrator Bundle",
	"description": "Collection of administrator roles",
	"class": "requestable-item-bundle",
	"constraints": {},
	"itemIds": [
		"{{itemId}}",
		"{{itemId2}}"
	]
}'
DEL Delete Bundle

Allows end users to delete a specific requestable bundle.

Endpoint

**{{idmRoot}}/access-request/bundle/{{bundleId}}

Headers

X-OpenIDM-Username      {{arAdminUsername}}
X-OpenIDM-Password      {{arAdminPassword}}
Content-Type            application/json

Body raw

{}

Example Request

curl --location -g --request DELETE '{{idmRoot}}/access-request/bundle/{{bundleId}}' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{}'

access-request/requestFields

Requests against the /requestFields endpoint.

GET Get Request Fields

Query for defined request fields that can be assigned to any requestable item.

Endpoint

{{idmRoot}}/access-request/requestFields?pageSize=10&pageNumber=0

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

pageSize                10
pageNumber              0
sortBy
q                       (filter term)
name                    (match name property)

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/requestFields?pageSize=10&pageNumber=0' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json'
POST Create Request Field

Create a request field that can be assigned to any requestable item.

Endpoint

{{idmRoot}}/access-request/requestFields?_action=create

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             create

Body raw

{
   "name": "Justification",
   "description": "Reason for requesting this access",
   "inputType": "text",
   "required": true
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/requestFields?_action=create' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "name": "Justification",
   "description": "Reason for requesting this access",
   "inputType": "text",
   "required": true
}'
POST Create Request Field - 2

Create a request field that can be assigned to any requestable item.

Endpoint

{{idmRoot}}/access-request/requestFields?_action=create

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             create

Body raw

{
   "name": "Location",
   "description": "Choose the location at which you are working",
   "inputType": "radio",
   "inputOptions": [
   		"New York",
   		"Miami"
   	],
   "required": true
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/requestFields?_action=create' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "name": "Location",
   "description": "Choose the location at which you are working",
   "inputType": "radio",
   "inputOptions": [
   		"New York",
   		"Miami"
   	],
   "required": true
}'
POST Update Request Field

Update a request field that can be assigned to any requestable item.

Endpoint

{{idmRoot}}/access-request/requestFields//{{requestfieldid}}?_action=update

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             update

Body raw

{
   "name": "Justification",
   "description": "Reason for requesting this access",
   "inputType": "text",
   "required": true
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/requestFields/{{requestfieldid}}?_action=update' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "name": "Justification",
   "description": "Reason for requesting this access",
   "inputType": "text",
   "required": true
}'
POST Delete Request Field

Delete a request field that can be assigned to any requestable item.

Endpoint

{{idmRoot}}/access-request/requestFields//{{requestfieldid}}?_action=update

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             delete

Body raw

{
   "fieldIds": [
   		"{{requestfieldid}}"
   	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/requestFields?_action=delete' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "fieldIds": [
   		"{{requestfieldid}}"
   	]
}'

access-request/requestable

Requests against the /requestable endpoint.

GET Get Requestable Item

Query requestable item (item or bundle) by its ID.

Endpoint

{{idmRoot}}/access-request/requestable/{{itemId}}

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/requestable/{{itemId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
GET Get Requestable Items

Query requestable items (item or bundle).

Endpoint

{{idmRoot}}/access-request/requestable

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

userId              Check the requestable item’s against the user to see if they are assigned to them.

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/requestable' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'

access-request/approval

Requests against the /approval endpoint.

GET Get Approval

Get an approval task its ID.

Endpoint

{{idmRoot}}/access-request/approval/{{approvalTaskId}}

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/approval/{{approvalTaskId}}' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
GET Get Approvals

Get approval tasks assigned to user.

Endpoint

{{idmRoot}}/access-request/approval?pageSize=10&pageNumber=0

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

pageSize                10
pageNumber              0
_fields
sortBy
requesteeId
requesterId
itemId
id

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/approval?pageSize=10&pageNumber=0' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
GET Get Approval Count

Get current number of active approval tasks assigned to user.

Endpoint

{{idmRoot}}/access-request/approval?getResultCount=true

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_fields
sortBy
requesteeId
requesterId
itemId
getResultCount       true

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/approval?getResultCount=true' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
GET Get Approvals - Admin

Get approval tasks, as administrator.

Endpoint

{{idmRoot}}/access-request/approval?pageSize=10&pageNumber=0

Headers

X-OpenIDM-Username      {{arAdminUsername}}
X-OpenIDM-Password      {{arAdminPassword}}
Content-Type            application/json

Params

pageSize                10
pageNumber              0
_fields
sortBy
approverId
requesterId
requesteeId
itemId
id

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/approval/admin?pageSize=10&pageNumber=0' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json'
POST Create Approval Task

Manually create an approval task. For use within custom workflows.

Endpoint

{{idmRoot}}/access-request/requestFields//{{requestFieldId}}?_action=update

Headers

X-OpenIDM-Username      {{arAdminUsername}}
X-OpenIDM-Password      {{arAdminPassword}}
Content-Type            application/json

Body raw

{
   "requestId": "{{requestId}}",
   "itemIds":[
	  "{{itemId}}"
   ],
   "approverId": "{{approverId}}",
   "workflowTaskId": "{{workflowTaskId}}"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/requestFields?_action=delete' \
curl --location -g --request POST '{{idmRoot}}/access-request/approval' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "requestId": "{{requestId}}",
   "itemIds":[
	  "{{itemId}}"
   ],
   "approverId": "{{approverId}}",
   "workflowTaskId": "{{workflowTaskId}}"
}'
POST Get Autonomous Identity Recommendations For Use

Queries Autonomous Identity to get recommendations for entitlements for the given user.

Endpoint

{{idmRoot}}/access-request/approval?_action=getRecommendations

Headers

X-OpenIDM-Username      {{arAdminUsername}}
X-OpenIDM-Password      {{arAdminPassword}}
Content-Type            application/json

Params

_action             getRecommendations

Body raw

{
   "userId": "{{requestId}}",
   "entitlements":[
	  "{{itemId}}"
   ]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/approval?_action=getRecommendations' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "userId": "{{requestId}}",
   "entitlements":[
	  "{{itemId}}"
   ]
}'
GET Get Approval Repository Object

Directly read an approval task from the repository. Also, supports PUT and DELETE operations.

Endpoint

{{idmRoot}}/repo/governance/approvalTask/
{{approvalTaskId}}

Headers

X-OpenIDM-Username      {{idmAdminUsername}}
X-OpenIDM-Password      {{idmAdminPassword}}
Content-Type            application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/repo/governance/approvalTask/{{approvalTaskId}}' \
--header 'X-OpenIDM-Username: {{idmAdminUsername}}' \
--header 'X-OpenIDM-Password: {{idmAdminPassword}}' \
--header 'Content-Type: application/json'
GET Query Approval Repository Objects

Query the repository objects for approval tasks directly.

Endpoint

{{idmRoot}}/repo/governance/approvalTask?_queryFilter=true

Headers

X-OpenIDM-Username      {{idmAdminUsername}}
X-OpenIDM-Password      {{idmAdminPassword}}
Content-Type            application/json

Example Request

_queryFilter        true

Example Request

curl --location -g --request GET '{{idmRoot}}/repo/governance/approvalTask?_queryFilter=true' \
--header 'X-OpenIDM-Username: {{idmAdminUsername}}' \
--header 'X-OpenIDM-Password: {{idmAdminPassword}}' \
--header 'Content-Type: application/json'

access-request/request

Requests against the /request endpoint.

POST Cancel Request(s)

As an access request adminstrator, requester, or requestee, cancel the requests provided.

Endpoint

{{idmRoot}}/access-request/request?_action=cancel

Headers

X-OpenIDM-Username      {{arAdminUsername}}
X-OpenIDM-Password      {{arAdminPassword}}
Content-Type            application/json

Params

_action                 cancel

Body raw

{
	"requestIds": [
		"{{requestId}}"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=cancel' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"requestIds": [
		"{{requestId}}"
	]
}'
POST Create Request

Create a request for access.

Endpoint

{{idmRoot}}/access-request/request

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Body raw

{
   "userIds":[
      "1sasdaf97-cd00-4f16-b566-01879185eb2e"
   ],
   "items":[
      {
         "itemId":"{{itemId}}",
         "requestType":"add",
         "fields": {

         }
      }
   ],
   "comment": "Comment"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "userIds":[
      "1sasdaf97-cd00-4f16-b566-01879185eb2e"
   ],
   "items":[
      {
         "itemId":"{{itemId}}",
         "requestType":"add",
         "fields": {

         }
      }
   ],
   "comment": "Comment"
}'
POST Create Request Policy Check

Given a create request payload, check whether the request would result in any policy violations.

Endpoint

{{idmRoot}}/access-request/request/policy

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Body raw

{
   "userIds":[
      "222"
   ],
   "items":[
      {
         "itemId":"managed/role/2007",
         "requestType":"add"
      }
   ]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request/policy' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "userIds":[
      "222"
   ],
   "items":[
      {
         "itemId":"managed/role/2007",
         "requestType":"add"
      }
   ]
}'
GET Get Requests

Get requests for the user.

Endpoint

{{idmRoot}}/access-request/request?status=active&pageSize=10&pageNumber=0

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

status                  active
pageSize                10
pageNumber              0
sortBy
approverId
requesteeId
requesterId
itemId
id

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/request?status=active&pageSize=10&pageNumber=0' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
GET Get Requests - Admin

Get requests as an administrator.

Endpoint

{{idmRoot}}/access-request/request/admin?status=active&pageSize=10&pageNumbe

Headers

X-OpenIDM-Username      {{arAdminUsername}}
X-OpenIDM-Password      {{arAdminPassword}}
Content-Type            application/json

Params

status                  active
pageSize                10
pageNumber              0
sortBy
approverId
requesteeId
requesterId
itemId
id

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/request/admin?status=active&pageSize=10&pageNumber=' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json'
GET Get Request

Get requests by ID..

Endpoint

{{idmRoot}}/access-request/request/{{requestId}}

Headers

X-OpenIDM-Username      {{arAdminUsername}}
X-OpenIDM-Password      {{arAdminPassword}}
Content-Type            application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/request/{{requestId}}' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json'
GET Get Request Repository Object

Read a request object directly from the repository. Also, supports PUT and DELETE operations.

Endpoint

{{idmRoot}}/repo/governance/request?_queryFilter=true

Headers

X-OpenIDM-Username      {{idmAdminUsername}}
X-OpenIDM-Password      {{idmAdminPassword}}
Content-Type            application/json

Params

_queryFilter         true

Example Request

curl --location -g --request GET '{{idmRoot}}/repo/governance/request?_queryFilter=true' \
--header 'X-OpenIDM-Username: {{idmAdminUsername}}' \
--header 'X-OpenIDM-Password: {{idmAdminPassword}}' \
--header 'Content-Type: application/json'
GET Query Request Repository Objects

Query repository for request objects directly.

Endpoint

{{idmRoot}}/repo/governance/request?_queryFilter=true

Headers

X-OpenIDM-Username      {{idmAdminUsername}}
X-OpenIDM-Password      {{idmAdminPassword}}
Content-Type            application/json

Params

_queryFilter         true

Example Request

curl --location -g --request GET '{{idmRoot}}/repo/governance/request?_queryFilter=true' \
--header 'X-OpenIDM-Username: {{idmAdminUsername}}' \
--header 'X-OpenIDM-Password: {{idmAdminPassword}}' \
--header 'Content-Type: application/json'
POST Reassign Approval Task

Reassign a task to a new user/group

Endpoint

{{idmRoot}}/access-request/request?_action=reassign

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action         reassign

Body raw

{
	"approvalIds": [
		"{{approvalTaskId}}"
	],
	"newApproverId": "managed/user/211"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=reassign' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"approvalIds": [
		"{{approvalTaskId}}"
	],
	"newApproverId": "managed/user/211"
}'
POST Consult Approval Task

Add a consulting user/group to the approval task

Endpoint

{{idmRoot}}/access-request/request?_action=consult

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action               consult

Body raw

{
	"approvalIds": [
		"{{approvalTaskId}}"
	],
	"consultId": "managed/user/235"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=consult' \
--header 'X-OpenIDM-Username: {{endUserPassword}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"approvalIds": [
		"{{approvalTaskId}}"
	],
	"consultId": "managed/user/235"
}'
POST Cancel Consult Approval Task

Cancel a consulting user/group to the approval task

Endpoint

{{idmRoot}}/access-request/request?_action=cancelconsult

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action               cancelconsult

Body raw

{
	"approvalIds": [
		"{{approvalTaskId}}"
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=cancelconsult' \
--header 'X-OpenIDM-Username: {{endUserPassword}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"approvalIds": [
		"{{approvalTaskId}}"
	]
}'
POST Upload File To Request

Upload file to a given request. Optionally provide itemIds within the request that the file are specific to.

Endpoint

{{idmRoot}}/access-request/request?_action=upload

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             upload

Body raw

{
	"requestId": "{{requestId}}",
	"itemIds": [
		"{{itemId}}"
	],
	"fileName": "report.pdf",
	"fileType": "text/plain",
	"content": "dGhpcyBpcyBhIGZpbGU="
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=upload' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"requestId": "{{requestId}}",
	"itemIds": [
		"{{itemId}}"
	],
	"fileName": "report.pdf",
	"fileType": "text/plain",
	"content": "dGhpcyBpcyBhIGZpbGU="
}'
GET Download File From Request

Download a file from a request given a request ID and file name.

Endpoint

{{idmRoot}}/access-request/request/download?fileName&requestId

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

fileName           Name of file
requestId          ID of request file is attached to

Example Request

curl --location -g --request GET '{{idmRoot}}/access-request/request/download?fileName=&requestId=' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json'
POST Download File From Request

Download a file from a given request

Endpoint

{{idmRoot}}/access-request/request?_action=download

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             download

Body raw

{
	"requestId": "{{requestId}}",
	"fileName": "report.pdf"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=download' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"requestId": "{{requestId}}",
	"fileName": "report.pdf"
}'
POST Delete File From Request

Remove a file from a given request

Endpoint

{{idmRoot}}/access-request/request?_action=removeFile

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             removeFile

Body raw

{
	"requestId": "{{requestId}}",
	"fileName": "report.pdf"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=removeFile' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"requestId": "{{requestId}}",
	"fileName": "report.pdf"
}'
POST Comment on Request

Comment on a request. Optionally provide the specific items within the request that this comment will apply to.

Endpoint

{{idmRoot}}/access-request/request?_action=comment

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             removeFile

Body raw

{
	"requestId": "{{requestId}}",
	"itemIds": [
		"{{itemId}}"
	],
	"comment": "Comment",
	"isHidden": false
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request?_action=comment' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"requestId": "{{requestId}}",
	"itemIds": [
		"{{itemId}}"
	],
	"comment": "Comment",
	"isHidden": false
}'
POST Complete Approval Task

Complete an approval task as the approver. This endpoint with action 'complete' requires individual item decisions to be included in the request body.

Endpoint

{{idmRoot}}/access-request/request/approval?_action=complete

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             complete

Body raw

{
	"approvalId": "{{approvalTaskId}}",
	"approvalData": [
		{
			"itemId": "{{itemId}}",
			"outcome": "approved"
		}
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request/approval?_action=complete' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"approvalId": "{{approvalTaskId}}",
	"approvalData": [
		{
			"itemId": "{{itemId}}",
			"outcome": "approved"
		}
	]
}'
POST Complete Approval Task - Approval All

Complete an approval task as the approver. This endpoint with action 'complete' requires individual item decisions to be included in the request body.

Endpoint

{{idmRoot}}/access-request/request/approval?_action=approved

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             approval

Body raw

{
	"approvalId": "{{approvalTaskId}}",
	"comment": "Comment"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request/approval?_action=approved' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"approvalId": "{{approvalTaskId}}",
	"comment": "Comment"
}'
POST Complete Approval Task - Reject All

Complete an approval task, rejecting all of the task’s items.

Endpoint

{{idmRoot}}/access-request/request/approval?_action=rejected

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             rejected

Body raw

{
	"approvalId": "{{approvalTaskId}}",
	"comment": "Comment"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request/approval?_action=rejected' \
--header 'X-OpenIDM-Username: {{endUserUsername}}' \
--header 'X-OpenIDM-Password: {{endUserPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"approvalId": "{{approvalTaskId}}",
	"comment": "Comment"
}'
POST Update Request’s Items

Complete an approval task, rejecting all of the task’s items.

Endpoint

{{idmRoot}}/access-request/request/{{requestId}}?_action=asdasd

Headers

X-OpenIDM-Username      {{endUserUsername}}
X-OpenIDM-Password      {{endUserPassword}}
Content-Type            application/json

Params

_action             asdasd

Body raw

{
	"items": [
        {
            "itemId": "40b83cb6-1749-48eb-9c89-2a3b1fae71ab",
            "fields": [],
            "timesApproved": 2,
            "outcome": "provisioned"
        }
	]
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/request/{{requestId}}?_action=asdasd' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"items": [
        {
            "itemId": "40b83cb6-1749-48eb-9c89-2a3b1fae71ab",
            "fields": [],
            "timesApproved": 2,
            "outcome": "provisioned"
        }
	]
}'

access-request/notification

Requests against the /notification endpoint.

POST Send Notification

As an access request administrator, send any of the defined Request notifications. To be used within custom workflows if notifications need to be sent at a certain juncture.

Endpoint

{{idmRoot}}/access-request/notification/APPROVAL_TASK_CREATED/{{approvalTaskId}}

Headers

X-OpenIDM-Username      {{arAdminUsername}}
X-OpenIDM-Password      {{arAdminPassword}}
Content-Type            application/json

Body raw

{}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/notification/APPROVAL_TASK_CREATED/{{approvalTaskId}}' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{}'

access-request/provision

Requests against the /provision endpoint.

POST Provision Access From Request

As an access request administrator, send any of the defined Request notifications. To be used within custom workflows if notifications need to be sent at a certain juncture.

Endpoint

{{idmRoot}}/access-request/provision

Headers

X-OpenIDM-Username      {{arAdminUsername}}
X-OpenIDM-Password      {{arAdminPassword}}
Content-Type            application/json

Body raw

{
	"requestId": "{{requestId}}",
	"itemId": "{{itemId}}",
	"requestType": "add"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/access-request/provision' \
--header 'X-OpenIDM-Username: {{arAdminUsername}}' \
--header 'X-OpenIDM-Password: {{arAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"requestId": "{{requestId}}",
	"itemId": "{{itemId}}",
	"requestType": "add"
}'

commons/glossary

Requests against the commons/glossary endpoint.

GET Get Workflow Definitions

Query IDM for the available workflow definitions. Used for front-end forms.

Endpoint

{{idmRoot}}/commons/workflow

Headers

X-OpenIDM-Username      {{idmAdminUsername}}
X-OpenIDM-Password      {{idmAdminPassword}}
Content-Type            application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/commons/workflow' \
--header 'X-OpenIDM-Username: {{idmAdminUsername}}' \
--header 'X-OpenIDM-Password: {{idmAdminPassword}}' \
--header 'Content-Type: application/json'
GET Get Glossary Entry By ID

Read a specific glossary entry.

Endpoint

{{idmRoot}}/commons/glossary/{{glossaryEntryId}}

Headers

X-OpenIDM-Username      {{glossaryAdminUsername}}
X-OpenIDM-Password      {{glossaryAdminPassword}}
Content-Type            application/json

Example Request

curl --location -g --request GET '{{idmRoot}}/commons/glossary/{{glossaryEntryId}}' \
--header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \
--header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \
--header 'Content-Type: application/json'
DEL Delete Glossary Entry By ID

Delete a specific glossary entry.

Endpoint

{{idmRoot}}/commons/glossary/{{glossaryEntryId}}

Headers

X-OpenIDM-Username      {{glossaryAdminUsername}}
X-OpenIDM-Password      {{glossaryAdminPassword}}
Content-Type            application/json

Body raw

{
	"userId": "c336c6a5-da19-4078-8ba5-3a297c605564",
	"attributes": [
		{
			"attribute": "roles",
			"value": "managed/role/2007",
			"action": "add"
		}
	]
}

Example Request

curl --location -g --request DELETE '{{idmRoot}}/commons/glossary/{{glossaryEntryId}}' \
--header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \
--header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"userId": "c336c6a5-da19-4078-8ba5-3a297c605564",
	"attributes": [
		{
			"attribute": "roles",
			"value": "managed/role/2007",
			"action": "add"
		}
	]
}'
POST Update Glossary Entry

Update a specific glossary entry.

Endpoint

{{idmRoot}}/commons/glossary/{{glossaryEntryId}}?_action=update

Headers

X-OpenIDM-Username      {{glossaryAdminUsername}}
X-OpenIDM-Password      {{glossaryAdminPassword}}
Content-Type            application/json

Params

_action             update

Body raw

{
    "_rev": "2",
    "requestable": true,
    "approvers": [
        "manager",
        "entitlementOwner"
    ],
    "displayName": "Cloud Infrastructure Approver!",
    "description": "Grants user access required for Cloud Infrastructure Approver",
    "objectId": "managed/role/2070",
    "riskLevel": 1,
    "constraints": {
        "riskLevel": {
            "type": "integer"
        },
        "highRiskApprover": {
            "type": "managed object id"
        },
        "description": {
            "type": "string"
        },
        "entitlementOwner": {
            "type": "managed object id"
        },
        "approvers": {
            "type": "array"
        },
        "requestable": {
            "type": "boolean"
        }
    },
    "class": "object",
    "entitlementOwner": "managed/role/2070",
    "order": []
}

Example Request

curl --location -g --request POST '{{idmRoot}}/commons/glossary/{{glossaryEntryId}}?_action=update' \
--header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \
--header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
    "_rev": "2",
    "requestable": true,
    "approvers": [
        "manager",
        "entitlementOwner"
    ],
    "displayName": "Cloud Infrastructure Approver!",
    "description": "Grants user access required for Cloud Infrastructure Approver",
    "objectId": "managed/role/2070",
    "riskLevel": 1,
    "constraints": {
        "riskLevel": {
            "type": "integer"
        },
        "highRiskApprover": {
            "type": "managed object id"
        },
        "description": {
            "type": "string"
        },
        "entitlementOwner": {
            "type": "managed object id"
        },
        "approvers": {
            "type": "array"
        },
        "requestable": {
            "type": "boolean"
        }
    },
    "class": "object",
    "entitlementOwner": "managed/role/2070",
    "order": []
}'
POST Create Glossary Entry

Create a new glossary entry.

Endpoint

{{idmRoot}}/commons/glossary?_action=create

Headers

X-OpenIDM-Username      {{glossaryAdminUsername}}
X-OpenIDM-Password        {{glossaryAdminPassword}}
Content-Type**            application/json

Params

_action             create

Body raw

{
   "class":"identity-value",
   "constraints":{
      "_id":{
         "type":"id"
      },
      "_rev":{

      },
      "class":{
         "type":"string"
      },
      "constraints":{
         "type":"object"
      },
      "attributeName":{
         "type":"string"
      },
      "attributeValue":{

      },
      "requestFields":{
         "type":"array"
      },
      "description":{
         "type":"string"
      }
   },
   "attributeName":"jobCode",
   "attributeValue":"B456",
   "requestFields":[

   ],
   "description":"Marketing job code"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/commons/glossary?_action=create' \
--header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \
--header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "class":"identity-value",
   "constraints":{
      "_id":{
         "type":"id"
      },
      "_rev":{

      },
      "class":{
         "type":"string"
      },
      "constraints":{
         "type":"object"
      },
      "attributeName":{
         "type":"string"
      },
      "attributeValue":{

      },
      "requestFields":{
         "type":"array"
      },
      "description":{
         "type":"string"
      }
   },
   "attributeName":"jobCode",
   "attributeValue":"B456",
   "requestFields":[

   ],
   "description":"Marketing job code"
}'
GET Query Glossary Entries

Query entries in the governance glossary

Endpoint

{{idmRoot}}/commons/glossary

Headers

X-OpenIDM-Username      {{glossaryAdminUsername}}
X-OpenIDM-Password      {{glossaryAdminPassword}}
Content-Type            application/json

Params

queryFilter

Example Request

curl --location -g --request GET '{{idmRoot}}/commons/glossary' \
--header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \
--header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \
--header 'Content-Type: application/json'
POST Create Glossary Entry

Create a new glossary entry.

Endpoint

{{idmRoot}}/commons/glossary?_action=create

Headers

X-OpenIDM-Username      {{glossaryAdminUsername}}
X-OpenIDM-Password      {{glossaryAdminPassword}}
Content-Type            application/json

Params

_action             create

Body raw

{
   "class":"identity-value",
   "constraints":{
      "_id":{
         "type":"id"
      },
      "_rev":{

      },
      "class":{
         "type":"string"
      },
      "constraints":{
         "type":"object"
      },
      "attributeName":{
         "type":"string"
      },
      "attributeValue":{

      },
      "requestFields":{
         "type":"array"
      },
      "description":{
         "type":"string"
      }
   },
   "attributeName":"jobCode",
   "attributeValue":"B456",
   "requestFields":[

   ],
   "description":"Marketing job code"
}

Example Request

curl --location -g --request POST '{{idmRoot}}/commons/glossary?_action=create' \
--header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \
--header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
   "class":"identity-value",
   "constraints":{
      "_id":{
         "type":"id"
      },
      "_rev":{

      },
      "class":{
         "type":"string"
      },
      "constraints":{
         "type":"object"
      },
      "attributeName":{
         "type":"string"
      },
      "attributeValue":{

      },
      "requestFields":{
         "type":"array"
      },
      "description":{
         "type":"string"
      }
   },
   "attributeName":"jobCode",
   "attributeValue":"B456",
   "requestFields":[

   ],
   "description":"Marketing job code"
}'
GET Query Glossary Entries

Query entries in the governance glossary

Endpoint

{{idmRoot}}/commons/glossary

Headers

X-OpenIDM-Username      {{glossaryAdminUsername}}
X-OpenIDM-Password      {{glossaryAdminPassword}}
Content-Type            application/json

Params

queryFilter

Example Request

curl --location -g --request GET '{{idmRoot}}/commons/glossary' \
--header 'X-OpenIDM-Username: {{glossaryAdminUsername}}' \
--header 'X-OpenIDM-Password: {{glossaryAdminPassword}}' \
--header 'Content-Type: application/json'
POST Check User Update Against Policies

Given a userId and a list of attribute changes (in the format of attribute, value, and action), check the system’s active policies against the user if their access was changed via the list of attribute changes.

This is an Access Review endpoint, available with the release of Access Request 2.0

+

Endpoint

{{idmRoot}}/governance/policyScan?_action=check

+

Headers

X-OpenIDM-Username      {{reviewAdminUsername}}
X-OpenIDM-Password      {{reviewAdminPassword}}
Content-Type            application/json

+

Params

_action              check

+

Body raw

{
	"userId": "c336c6a5-da19-4078-8ba5-3a297c605564",
	"attributes": [
		{
			"attribute": "roles",
			"value": "managed/role/2007",
			"action": "add"
		}
	]
}

+

Example Request

curl --location -g --request POST '{{idmRoot}}/governance/policyScan?_action=check' \
--header 'X-OpenIDM-Username: {{reviewAdminUsername}}' \
--header 'X-OpenIDM-Password: {{reviewAdminPassword}}' \
--header 'Content-Type: application/json' \
--data-raw '{
	"userId": "c336c6a5-da19-4078-8ba5-3a297c605564",
	"attributes": [
		{
			"attribute": "roles",
			"value": "managed/role/2007",
			"action": "add"
		}
	]
}'