Keywords
The Web Service
Used for configuring the provisioning operations such as create account and update account.
For example:
Context URL – /api/core/v3/people/$plan.nativeIdentity$
JSON Body example for plan:
{"new_members": [
{
"email": "$plan.email$",
"first_name": "$plan.first_name$",
"surname": "$plan.surname$",
"send_welcome_email": $plan.send_welcome_email$,
"role": {
".tag": "member_only"
}
}
]
}
Used for multiple endpoints, where the response from the first endpoint is provided as an input for the second endpoint.
For example, there are two endpoints for account aggregation.
-
The first endpoint returns a response as a list of
member_ids
that is an input for the second endpoint as mentioned in the next point. -
Second endpoint's JSON body is:
{"members_info":[{"member_id":"$response.member_id$"}]}
Used to get other configuration attributes from the current
For example:
"$application.<accesstoken>$",
where <accesstoken>
is
Used while performing Aggregate Account (get a single account details).
For example:
- JSON body:Copy
{"members": [
{
".tag": "member_id",
"member_id": "$getobject.nativeIdentity$"
}
]
} -
Context URL for get object:
/api/v4/admin/$getobject.nativeIdentity$
Indicates the AccountID (identity attribute) in the plan or during getobject
operation.
For example, nativeIdentity is used along with the keyword as follows:
-
getobject –
$getobject.nativeIdentity$
-
plan –
$plan.nativeIdentity$
Note
There may be instances where the `nativeIdentity` is present in the account request for account creation. In such cases, the `nativeIdentity` may occasionally reflect different values.
Represents the Plans nativeIdentity in the Provisioning plan.
For example, planNativeIdentity
is used along with the keyword as follows:
- plan –
$plan.planNativeIdentity$
Web Services can be configured with native identity from the provisioning plan using placeholder $plan.planNativeIdentity$
.
Note
There is a possibility that the nativeIdentity
may be present in the account creation request. It may sometimes correspond to different values.
To provide the username and password in the endpoint configuration, use the following placeholders:
$authenticate.username$
$authenticate.password$
For more information on configuration for pass-through authentication, see Pass Through Authentication.
Note
SailPoint recommends using a placeholder in the body and url rather than adding sensitive information directly. For example
https://TESTMACHINE:9096/users/user/$application.accesstoken$
In the above table for examples of attributes that are mapped to a raw JSON response, it may contain formatted values as follows (similar to ".tag": "member_id"):
['.tag']
['@etag']
['@@test']
['complex.name']
['role name']
['role_name']