Skip to content

API Authentication Screen

This screen can be found by navigating to Settings > General > API Authentication.

On this screen, you can do the following:

  • Check your Client ID and Client Secret
  • Generate a new Client Secret

Get Token - Sample Request

curl -X POST http://[HOST_FQDN]:8011/token -d "grant_type=client_credentials&scope=api&client_id=[CLIENT_ID_URL_ENCODED]&client_secret=[CLIENT_SECRET_URL_ENCODED]

Note

Make sure to use the correct URL scheme (http/https) and service port. the default port is 8011.

Get Token - Sample Response

{ "expires_in":86400.0, "scope":"api", "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjNTZlMDJlLWJmNTMtNDE1Mi1hZDZmLTI3ZDhhYWVkZGIzNSJ9.eyJhdWQiOlsibHl1K3ZPU3N3Qk1xZkxXbzBhbU9nQT09Il0sImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODAxMSIsInNjb3BlIjpbImFwaSJdLCJpYXQiOjE2NzQ2NDA3MjUuMCwiZXhwIjoxNjc0NzI3MTI1LjB9.Qy3zG8Fj4i6aP4H4r5gLLI9DTPaXzFRrhsv3dWoAZlPvSfDT9oJzCMTPJQnz1OR4-CIN2lu8j482fArDwJ9WlkwuGi8aciUzvMrO6-wl90kDvKfiV60GlZFoEVjXebKnkyi1SRF_5l8IJ7VsHFGl91wzhPnVxLZfM8zy82tfWFyu_nXaNq1MGQY3e54KUeVo29rXoARvKGBxrbvSoLmiBthUHU0INzsddb7aaGyf9uPHLninhGouhU9XPB7DVg0zMF6VF67xDMdzV9WA8iw5Duz7c8oSln8pHaj8mEF4AXLBdQtCwLVeOLvaeuHeoThayhZgaOPEOz5n952G8a9Tfg", "refresh_token":"40a5d02f-7570-4659-9e59-97dfbb726ece", "token_type":"Bearer" }

Using the access_token value can make requests to any REST endpoint using “Authorization: Bearer” in the header.

Sample REST endpoint request header parameter

{"Authorization":"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjNTZlMDJlLWJmNTMtNDE1Mi1hZDZmLTI3ZDhhYWVkZGIzNSJ9.eyJhdWQiOlsibHl1K3ZPU3N3Qk1xZkxXbzBhbU9nQT09Il0sImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODAxMSIsInNjb3BlIjpbImFwaSJdLCJpYXQiOjE2NzQ2NDA3MjUuMCwiZXhwIjoxNjc0NzI3MTI1LjB9.Qy3zG8Fj4i6aP4H4r5gLLI9DTPaXzFRrhsv3dWoAZlPvSfDT9oJzCMTPJQnz1OR4-CIN2lu8j482fArDwJ9WlkwuGi8aciUzvMrO6-wl90kDvKfiV60GlZFoEVjXebKnkyi1SRF_5l8IJ7VsHFGl91wzhPnVxLZfM8zy82tfWFyu_nXaNq1MGQY3e54KUeVo29rXoARvKGBxrbvSoLmiBthUHU0INzsddb7aaGyf9uPHLninhGouhU9XPB7DVg0zMF6VF67xDMdzV9WA8iw5Duz7c8oSln8pHaj8mEF4AXLBdQtCwLVeOLvaeuHeoThayhZgaOPEOz5n952G8a9Tfg"}

Refresh Token

The following is a sample to refresh the token:

curl -X POST http://[HOST_FQDN]:8011/token -d

"grant_type=refresh_token&scope=api&client_id=[CLIENT_ID_URL_ENCODED]&client_secret=[CLIENT_SECRET_URL_ENCODED]&refresh_token=[CLIENT_REFRESH_TOKEN_URL_ENCODED]"

The token expiration is 24 hours by default.

The refresh token expiration is 1,440 hours (60 days) by default.

Note

This can be changed in the "SailPoint.Fam.Server.RestApiService.dll.config" file. This change will require all the REST API services to be updated and restarted.

Endpoints - POST / Activities

The activities endpoint allows an external service to provide File Access Manager with activities for only the following application types:

  • CIFS
  • NFS
  • Linux
  • AWS S3
  • Azure Files

Note

Since these activities follow the same path as any activity in File Access Manager, they can be enriched with DECs and data classification information. They can also produce alerts.

Sending activities request data sample

  [
  {
     "applicationName": "APPLICATION NAME1",
     "timestamp": "2022-12-18T10:40:58.9839062Z",
     "userName": "administrator",
     "objectName": "file_name.txt",
     "action": "Read",
     "resource": "\\\\host\\share1\\temp\\foler Name",
     "userDomain": "acme",
     "extraProperties": {
        "ipAddress": "1.2.3.4",
        "objectNewName": "",
        "newResource": "",
        "fileExtension": "txt",
        "objectType": "File",
        "oldName": "",
        "oldResource": ""
     }
  },
  {
     "applicationName": "APPLICATION NAME2",
     "timestamp": "2022-12-18T13:40:58.9839062Z",
     "userName": "john_doe@acme.com",
     "objectName": "personal_details.xlsx",
     "action": "Write",
     "resource": "\\\\host\\e$\\data",
     "userDomain": "",
     "extraProperties": {
        "fileExtension": "txt",
        "objectType": "File"
     }
  }
  ]

Mandatory Fields:

  • applicationName
  • timestamp (ISO 8601)
  • userName
  • objectName
  • action
  • resource

Sending activities response sample

The following is an activities response sample describing one successful activity and one failure:

  {
  "successfulActivities": 1,
  "activityResponses": [
     {
        "activity": {
        "applicationName": "APPLICATION NAME2",
        "timestamp": "2022-12-18T13:40:58.9839062Z",
        "userName": "john_doe@acme.com",
        "objectName": "personal_details.xlsx",
        "action": "Write",
        "resource": "\\\\host\\e$\\data",
        "userDomain": "",
        "extraProperties": {
           "fileExtension": "txt",
           "objectType": "File"
        }
        },
        "errorMsgs": [
        "Application 'APPLICATION NAME2' not found or isn't supported. Discarding activity."
        ]
     }
  ]
  }