Get a Document by ID

Fetches a single document from the specified index, using the specified document ID.

Path Parameters

• index string required

  The index from which to fetch the specified document.

  The currently supported index names are: accessprofiles, accountactivities, accounts, aggregations, entitlements, events, identities, and roles.

  Example: accounts
• id string required

  ID of the requested document.

  Example: 2c91808568c529c60168cca6f90c1313

Responses

• 200
• 400
• 401
• 403
• 404
• 429
• 500

---

The requested document.

application/json

• Schema
• Example (from schema)
• Access Profile
• Entitlement
• Event
• Identity
• Role

---

Schema

oneOf
• MOD1
• MOD2
• MOD3
• MOD4
• MOD5
• MOD6
• MOD7
• MOD8
---
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
_type string
Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
description string
The description of the access item
created date-time
A date-time in ISO-8601 format
modified date-time
A date-time in ISO-8601 format
synced date-time
A date-time in ISO-8601 format
enabled boolean
requestable boolean
Indicates if the access can be requested
requestCommentsRequired boolean
Indicates if comments are required when requesting access
owner object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
email string
The email of the identity
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
entitlements object[]
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
description string
A description of the entitlement
attribute string
The name of the entitlement attribute
value string
The value of the entitlement
entitlementCount integer
tags string[]
id string
name string
_type string
Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
action string
The type of action that this activity performed
created date-time
A date-time in ISO-8601 format
modified date-time
A date-time in ISO-8601 format
stage string
The current stage of the activity
origin string
status string
the current status of the activity
requester object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
the type of source returned
recipient object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
the type of source returned
trackingNumber string
errors string[]
warnings string[]
approvals object[]
comments object[]
comment string
The comment text
commenter string
The name of the commenter
date date-time
A date-time in ISO-8601 format
created date-time
A date-time in ISO-8601 format
modified date-time
A date-time in ISO-8601 format
owner object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
the type of source returned
result string
The result of the approval
type string
originalRequests object[]
accountId string
the account id
attributeRequests object[]
name string
The attribute name
op string
The operation to perform
value string
The value of the attribute
op string
the operation that was used
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
the type of source returned
expansionItems object[]
accountId string
The ID of the account
cause string
name string
The name of the item
attributeRequests object[]
name string
The attribute name
op string
The operation to perform
value string
The value of the attribute
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
the type of source returned
accountRequests object[]
accountId string
Unique ID of the account
attributeRequests object[]
name string
The attribute name
op string
The operation to perform
value string
The value of the attribute
op string
The operation that was performed
provisioningTarget object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
the type of source returned
result object
errors string[]
status string
The status of the account request
ticketId string
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
the type of source returned
sources string
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
_type string
Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
accountId string
The ID of the account
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
the type of source returned
disabled boolean
Indicates if the account is disabled
locked boolean
Indicates if the account is locked
privileged boolean
manuallyCorrelated boolean
Indicates if the account has been manually correlated to an identity
passwordLastSet date-time
A date-time in ISO-8601 format
entitlementAttributes object
a map or dictionary of key/value pairs
created date-time
A date-time in ISO-8601 format
modified date-time
A date-time in ISO-8601 format
attributes object
a map or dictionary of key/value pairs
identity object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
displayName string
access object[]
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
displayName string
type string
Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
description string
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
privileged boolean
attribute string
value string
standalone boolean
entitlementCount int32
The number of entitlements assigned to the account
uncorrelated boolean
Indicates if the account is not correlated to an identity
tags string[]
id string
name string
_type string
Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
status string
duration int32
avgDuration int32
changedAccounts int32
nextScheduled date-time
A date-time in ISO-8601 format
startTime date-time
A date-time in ISO-8601 format
sourceOwner string
John Doe
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
_type string
Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
description string
A description of the entitlement
attribute string
The name of the entitlement attribute
value string
The value of the entitlement
modified date-time
A date-time in ISO-8601 format
synced date-time
A date-time in ISO-8601 format
displayName string
The display name of the entitlement
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
privileged boolean
identityCount int32
tags string[]
id string
name string
_type string
Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
created date-time
A date-time in ISO-8601 format
synced date-time
A date-time in ISO-8601 format
action string
The action that was performed
type string
The type of event
actor object
name string
the actor or target name
type string
Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
target object
name string
the actor or target name
type string
Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
stack string
trackingNumber string
ipAddress string
details string
attributes object
objects string[]
operation string
status string
technicalName string
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
_type string
Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
displayName string
The display name of the identity
firstName string
The first name of the identity
lastName string
The last name of the identity
email string
The identity's primary email address
created date-time
A date-time in ISO-8601 format
modified date-time
A date-time in ISO-8601 format
synced date-time
A date-time in ISO-8601 format
phone string
The phone number of the identity
inactive boolean
Indicates if the identity is inactive
protected boolean
status string
The identity's status in SailPoint
employeeNumber string
manager object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
displayName string
isManager boolean
Indicates if this identity is a manager of other identities
identityProfile object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
attributes object
a map or dictionary of key/value pairs
processingState string
processingDetails object
date date-time
A date-time in ISO-8601 format
stage string
retryCount int32
stackTrace string
message string
accounts object[]
List of accounts associated with the identity
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
accountId string
The ID of the account
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
the type of source returned
disabled boolean
Indicates if the account is disabled
locked boolean
Indicates if the account is locked
privileged boolean
manuallyCorrelated boolean
Indicates if the account has been manually correlated to an identity
passwordLastSet date-time
A date-time in ISO-8601 format
entitlementAttributes object
a map or dictionary of key/value pairs
created date-time
A date-time in ISO-8601 format
accountCount int32
Number of accounts associated with the identity
apps object[]
The list of applications the identity has access to
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
account object
id string
The SailPoint generated unique ID
accountId string
The account ID generated by the source
appCount int32
The number of applications the identity has access to
access object[]
The list of access items assigned to the identity
oneOf
• MOD1
• MOD2
• MOD3
---
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
displayName string
type string
Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
description string
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
owner object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
displayName string
revocable boolean
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
displayName string
type string
Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
description string
source object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
privileged boolean
attribute string
value string
standalone boolean
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
displayName string
type string
Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
description string
owner object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
displayName string
disabled boolean
revocable boolean
accessCount int32
The number of access items assigned to the identity
accessProfileCount integer
The number of access profiles assigned to the identity
entitlementCount integer
The number of entitlements assigned to the identity
roleCount integer
The number of roles assigned to the identity
owns object
sources object[]
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
entitlements object[]
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
accessProfiles object[]
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
roles object[]
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
apps object[]
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
governanceGroups object[]
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
fallbackApprover boolean
tags string[]
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
_type string
Possible values: [accessprofile, accountactivity, account, aggregation, entitlement, event, identity, role]
Enum representing the currently supported document types.
Additional values may be added in the future without notice.
description string
The description of the access item
created date-time
A date-time in ISO-8601 format
modified date-time
A date-time in ISO-8601 format
synced date-time
A date-time in ISO-8601 format
enabled boolean
requestable boolean
Indicates if the access can be requested
requestCommentsRequired boolean
Indicates if comments are required when requesting access
owner object
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
type string
Possible values: [ACCOUNT_CORRELATION_CONFIG, ACCESS_PROFILE, ACCESS_REQUEST_APPROVAL, ACCOUNT, APPLICATION, CAMPAIGN, CAMPAIGN_FILTER, CERTIFICATION, CLUSTER, CONNECTOR_SCHEMA, ENTITLEMENT, GOVERNANCE_GROUP, IDENTITY, IDENTITY_PROFILE, IDENTITY_REQUEST, LIFECYCLE_STATE, PASSWORD_POLICY, ROLE, RULE, SOD_POLICY, SOURCE, TAG, TAG_CATEGORY, TASK_RESULT, REPORT_RESULT, SOD_VIOLATION, ACCOUNT_ACTIVITY]
An enumeration of the types of DTOs supported within the IdentityNow infrastructure.
email string
The email of the identity
accessProfiles object[]
id string
The unique ID of the referenced object.
name string
The human readable name of the referenced object.
accessProfileCount integer
tags string[]

{
  "id": true,
  "name": true,
  "_type": "identity",
  "description": "The admin role",
  "created": "2018-06-25T20:22:28.104Z",
  "modified": "2018-06-25T20:22:28.104Z",
  "synced": "2018-06-25T20:22:28.104Z",
  "enabled": true,
  "requestable": true,
  "requestCommentsRequired": false,
  "owner": {
    "id": "2c91808568c529c60168cca6f90c1313",
    "name": "John Doe",
    "type": "IDENTITY",
    "email": "john.doe@sailpoint.com"
  },
  "source": {
    "id": "2c91808568c529c60168cca6f90c1313",
    "name": "John Doe"
  },
  "entitlements": [
    {
      "id": "2c91808568c529c60168cca6f90c1313",
      "name": "John Doe",
      "description": "The admin privilege",
      "attribute": "admin",
      "value": "true"
    }
  ],
  "entitlementCount": 5,
  "tags": [
    "TAG_1",
    "TAG_2"
  ]
}

AccessProfile

{
  "id": "2c9180825a6c1adc015a71c9023f0818",
  "name": "Cloud Eng",
  "_type": "accessprofile",
  "description": "Cloud Eng",
  "created": "2017-02-24T20:21:23.145Z",
  "modified": "2019-05-24T20:36:04.312Z",
  "synced": "2020-02-18T05:30:20.414Z",
  "enabled": true,
  "requestable": true,
  "requestCommentsRequired": false,
  "owner": {
    "id": "ff8081815757d36a015757d42e56031e",
    "name": "SailPoint Support",
    "type": "IDENTITY",
    "email": "cloud-support@sailpoint.com"
  },
  "source": {
    "id": "ff8081815757d4fb0157588f3d9d008f",
    "name": "Employees"
  },
  "entitlements": [
    {
      "id": "2c918084575812550157589064f33b89",
      "name": "CN=Cloud Engineering,DC=sailpoint,DC=COM",
      "description": "mull",
      "attribute": "memberOf",
      "value": "CN=Cloud Engineering,DC=sailpoint,DC=COM"
    }
  ],
  "entitlementCount": 1,
  "tags": [
    "TAG_1",
    "TAG_2"
  ]
}

Entitlement

{
  "id": "2c9180946ed0c43d016eec1a80892fbd",
  "name": "entitlement.aa415ae7",
  "_type": "entitlement",
  "description": "null",
  "attribute": "groups",
  "value": "entitlement.aa415ae7",
  "modified": "2019-12-09T19:19:50.154Z",
  "created": "2018-12-07T01:07:48Z",
  "synced": "2020-02-19T04:30:32.906Z",
  "displayName": "entitlement.aa415ae7",
  "source": {
    "id": "2c91808b6e9e6fb8016eec1a2b6f7b5f",
    "name": "ODS-HR-Employees"
  },
  "owner": {
    "type": "IDENTITY",
    "id": "2c9180858315595501831958427e5424",
    "name": "Addie Lee"
  },
  "privileged": false,
  "identityCount": 68,
  "tags": [
    "TAG_1",
    "TAG_2"
  ]
}

Event

{
  "id": "e092842f-c904-4b59-aac8-2544abeeef4b",
  "name": "Update Task Schedule Passed",
  "_type": "event",
  "created": "2020-02-17T16:23:18.327Z",
  "synced": "2020-02-17T16:23:18.388Z",
  "action": "TASK_SCHEDULE_UPDATE_PASSED",
  "type": "SYSTEM_CONFIG",
  "actor": {
    "name": "MantisTaskScheduler"
  },
  "target": {
    "name": "Perform provisioning activity search delete synchronization"
  },
  "stack": "tpe",
  "trackingNumber": "c6b98bc39ece48b080826d16c76b166c",
  "ipAddress": "207.189.160.158",
  "details": "null",
  "attributes": {
    "sourceName": "SailPoint"
  },
  "objects": [
    "TASK",
    "SCHEDULE"
  ],
  "operation": "UPDATE",
  "status": "PASSED",
  "technicalName": "TASK_SCHEDULE_UPDATE_PASSED"
}

Identity

{
  "id": "2c9180865c45e7e3015c46c434a80622",
  "name": "ad.admin",
  "_type": "identity",
  "firstName": "AD",
  "lastName": "Admin",
  "displayName": "AD Admin",
  "email": "SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM",
  "created": "2018-08-22T19:54:54.302Z",
  "modified": "2018-08-22T19:54:54.302Z",
  "synced": "2018-08-22T19:54:54.302Z",
  "phone": "512-942-7578",
  "inactive": false,
  "protected": false,
  "status": "UNREGISTERED",
  "employeeNumber": "O349804",
  "manager": null,
  "isManager": false,
  "identityProfile": {
    "id": "2c918085605c8d0601606f357cb231e6",
    "name": "E2E AD"
  },
  "source": {
    "id": "2c9180855c45b230015c46c19b9c0202",
    "name": "EndToEnd-ADSource"
  },
  "attributes": {
    "uid": "ad.admin",
    "firstname": "AD",
    "cloudAuthoritativeSource": "2c9180855c45b230015c46c19b9c0202",
    "cloudStatus": "UNREGISTERED",
    "iplanet-am-user-alias-list": null,
    "displayName": "AD Admin",
    "internalCloudStatus": "UNREGISTERED",
    "workPhone": "512-942-7578",
    "email": "SLPT.CLOUD.SAILPOINT.TEST+AD-ADMIN@GMAIL.COM",
    "lastname": "Admin"
  },
  "processingState": null,
  "processingDetails": null,
  "accounts": [
    {
      "id": "2c9180865c45e7e3015c46c434a80623",
      "name": "ad.admin",
      "accountId": "CN=AD Admin,OU=slpt-automation,DC=TestAutomationAD,DC=local",
      "source": {
        "id": "2c9180855c45b230015c46c19b9c0202",
        "name": "EndToEnd-ADSource",
        "type": "Active Directory - Direct"
      },
      "disabled": false,
      "locked": false,
      "privileged": false,
      "manuallyCorrelated": false,
      "passwordLastSet": "2018-08-22T19:54:54.302Z",
      "entitlementAttributes": {
        "memberOf": [
          "CN=Group Policy Creator Owners,CN=Users,DC=TestAutomationAD,DC=local",
          "CN=Domain Guests,CN=Users,DC=TestAutomationAD,DC=local",
          "CN=Domain Admins,CN=Users,DC=TestAutomationAD,DC=local",
          "CN=Enterprise Admins,CN=Users,DC=TestAutomationAD,DC=local",
          "CN=Schema Admins,CN=Users,DC=TestAutomationAD,DC=local",
          "CN=Guests,CN=Builtin,DC=TestAutomationAD,DC=local",
          "CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local"
        ]
      },
      "created": "2018-08-22T19:54:54.302Z"
    },
    {
      "id": "2c918083606d670c01606f35a30a0349",
      "name": "ad.admin",
      "accountId": "ad.admin",
      "source": {
        "id": "ff8081815c46b85b015c46b90c7c02a6",
        "name": "IdentityNow",
        "type": "IdentityNowConnector"
      },
      "disabled": false,
      "locked": false,
      "privileged": false,
      "manuallyCorrelated": false,
      "passwordLastSet": null,
      "entitlementAttributes": null,
      "created": "2018-08-22T19:54:54.302Z"
    }
  ],
  "accountCount": 2,
  "apps": [
    {
      "id": "22751",
      "name": "ADP Workforce Now",
      "source": {
        "id": "2c9180855c45b230015c46e2f6a8026a",
        "name": "Corporate Active Directory"
      },
      "account": {
        "id": "2c9180865c45efa4015c470be0de1606",
        "accountId": "CN=Bob Wilson,OU=Austin,OU=Americas,OU=Demo,DC=seri,DC=acme,DC=com"
      }
    }
  ],
  "appCount": 1,
  "access": [
    {
      "id": "2c918083634bc6cb01639808d40270ba",
      "name": "test [AccessProfile-1527264105448]",
      "displayName": "test",
      "type": "ACCESS_PROFILE",
      "description": "test",
      "source": {
        "id": "2c9180855c45b230015c46c19b9c0202",
        "name": "EndToEnd-ADSource"
      },
      "owner": {
        "id": "2c9180865c45e7e3015c46c434a80622",
        "name": "ad.admin",
        "displayName": "AD Admin"
      }
    },
    {
      "id": "2c9180865c45e7e3015c46c457c50755",
      "name": "Administrators",
      "displayName": "Administrators",
      "type": "ENTITLEMENT",
      "description": null,
      "source": {
        "id": "2c9180855c45b230015c46c19b9c0202",
        "name": "EndToEnd-ADSource"
      },
      "privileged": false,
      "attribute": "memberOf",
      "value": "CN=Administrators,CN=Builtin,DC=TestAutomationAD,DC=local",
      "standalone": false
    },
    {
      "id": "2c9180865decdaa5015e06598b293108",
      "name": "test [cloudRole-1503345085223]",
      "displayName": "test",
      "type": "ROLE",
      "description": "test",
      "owner": {
        "id": "2c9180865c45e7e3015c46c5030707a0",
        "name": "will.albin",
        "displayName": "Albin Will"
      },
      "disabled": false
    }
  ],
  "accessCount": 3,
  "accessProfileCount": 1,
  "entitlementCount": 1,
  "roleCount": 1,
  "tags": [
    "TAG_1",
    "TAG_2"
  ]
}

Role

{
  "id": "2c91808c6faadea6016fb4f2bc69077b",
  "name": "IT Role",
  "_type": "role",
  "description": "IT role",
  "created": "2020-01-17T19:20:15.040Z",
  "modified": null,
  "synced": "2020-02-18T05:30:20.145Z",
  "enabled": true,
  "requestable": false,
  "requestCommentsRequired": false,
  "owner": {
    "id": "2c9180a46faadee4016fb4e018c20639",
    "name": "Cloud Support",
    "type": "IDENTITY",
    "email": "thomas.edison@acme-solar.com"
  },
  "accessProfiles": [
    {
      "id": "2c91809c6faade77016fb4f0b63407ae",
      "name": "Admin Access"
    }
  ],
  "accessProfileCount": 1,
  "tags": [
    "TAG_1",
    "TAG_2"
  ]
}

Client Error - Returned if the request body is invalid.

application/json

• Schema
• Example (from schema)

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

Unauthorized - Returned if there is no authorization header, or if the JWT token is expired.

application/json

• Schema
• Example (from schema)

---

Schema

• error

  A message describing the error

{
  "error": "JWT validation failed: JWT is expired"
}

Forbidden - Returned if the user you are running as, doesn't have access to this end-point.

application/json

• Schema
• Example (from schema)
• 403

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 403 response object

{
  "detailCode": "403 Forbidden",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server understood the request but refuses to authorize it."
    }
  ]
}

Not Found - returned if the request URL refers to a resource or object that does not exist

application/json

• Schema
• Example (from schema)
• 404

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 404 response object

{
  "detailCode": "404 Not found",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The server did not find a current representation for the target resource."
    }
  ]
}

Too Many Requests - Returned in response to too many requests in a given period of time - rate limited. The Retry-After header in the response includes how long to wait before trying again.

application/json

• Schema
• Example (from schema)

---

Schema

• message

  A message describing the error

{
  "message": " Rate Limit Exceeded "
}

Internal Server Error - Returned if there is an unexpected error.

application/json

• Schema
• Example (from schema)
• 500

---

Schema

• detailCode string

  Fine-grained error code providing more detail of the error.

• trackingId string

  Unique tracking id for the error.

• messages object[]

  Generic localized reason for error

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

• causes object[]

  Plain-text descriptive reasons to provide additional detail to the text provided in the messages field

  locale string

  The locale for the message text, a BCP 47 language tag.

  localeOrigin string

  Possible values: [DEFAULT, REQUEST]

  An indicator of how the locale was selected. DEFAULT means the locale is the system default. REQUEST means the locale was selected from the request context (i.e., best match based on the Accept-Language header). Additional values may be added in the future without notice.

  text string

  Actual text of the error message in the indicated locale.

{
  "detailCode": "400.1 Bad Request Content",
  "trackingId": "e7eab60924f64aa284175b9fa3309599",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ],
  "causes": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "The request was syntactically correct but its content is semantically invalid."
    }
  ]
}

An example of a 500 response object

{
  "detailCode": "500.0 Internal Fault",
  "trackingId": "b21b1f7ce4da4d639f2c62a57171b427",
  "messages": [
    {
      "locale": "en-US",
      "localeOrigin": "DEFAULT",
      "text": "An internal fault occurred."
    }
  ]
}

Loading...