API Authentication Screen
This screen can be found by navigating to Settings > General > API Authentication.
On this screen, you can do the following:
- Check your Client ID and Client Secret
- Generate a new Client Secret
Get Token - Sample Request
curl -X POST http://[HOST_FQDN]:8011/token -d "grant_type=client_credentials&scope=api&client_id=[CLIENT_ID_URL_ENCODED]&client_secret=[CLIENT_SECRET_URL_ENCODED]
Note
Make sure to use the correct URL scheme (http/https) and service port. the default port is 8011.
Get Token - Sample Response
{
"expires_in":86400.0,
"scope":"api", "access_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjNTZlMDJlLWJmNTMtNDE1Mi1hZDZmLTI3ZDhhYWVkZGIzNSJ9.eyJhdWQiOlsibHl1K3ZPU3N3Qk1xZkxXbzBhbU9nQT09Il0sImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODAxMSIsInNjb3BlIjpbImFwaSJdLCJpYXQiOjE2NzQ2NDA3MjUuMCwiZXhwIjoxNjc0NzI3MTI1LjB9.Qy3zG8Fj4i6aP4H4r5gLLI9DTPaXzFRrhsv3dWoAZlPvSfDT9oJzCMTPJQnz1OR4-CIN2lu8j482fArDwJ9WlkwuGi8aciUzvMrO6-wl90kDvKfiV60GlZFoEVjXebKnkyi1SRF_5l8IJ7VsHFGl91wzhPnVxLZfM8zy82tfWFyu_nXaNq1MGQY3e54KUeVo29rXoARvKGBxrbvSoLmiBthUHU0INzsddb7aaGyf9uPHLninhGouhU9XPB7DVg0zMF6VF67xDMdzV9WA8iw5Duz7c8oSln8pHaj8mEF4AXLBdQtCwLVeOLvaeuHeoThayhZgaOPEOz5n952G8a9Tfg",
"refresh_token":"40a5d02f-7570-4659-9e59-97dfbb726ece",
"token_type":"Bearer"
}
Using the access_token value can make requests to any REST endpoint using “Authorization: Bearer” in the header.
Sample REST endpoint request header parameter
{"Authorization":"Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjNTZlMDJlLWJmNTMtNDE1Mi1hZDZmLTI3ZDhhYWVkZGIzNSJ9.eyJhdWQiOlsibHl1K3ZPU3N3Qk1xZkxXbzBhbU9nQT09Il0sImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODAxMSIsInNjb3BlIjpbImFwaSJdLCJpYXQiOjE2NzQ2NDA3MjUuMCwiZXhwIjoxNjc0NzI3MTI1LjB9.Qy3zG8Fj4i6aP4H4r5gLLI9DTPaXzFRrhsv3dWoAZlPvSfDT9oJzCMTPJQnz1OR4-CIN2lu8j482fArDwJ9WlkwuGi8aciUzvMrO6-wl90kDvKfiV60GlZFoEVjXebKnkyi1SRF_5l8IJ7VsHFGl91wzhPnVxLZfM8zy82tfWFyu_nXaNq1MGQY3e54KUeVo29rXoARvKGBxrbvSoLmiBthUHU0INzsddb7aaGyf9uPHLninhGouhU9XPB7DVg0zMF6VF67xDMdzV9WA8iw5Duz7c8oSln8pHaj8mEF4AXLBdQtCwLVeOLvaeuHeoThayhZgaOPEOz5n952G8a9Tfg"}
Refresh Token
The following is a sample to refresh the token:
curl -X POST http://[HOST_FQDN]:8011/token -d
"grant_type=refresh_token&scope=api&client_id=[CLIENT_ID_URL_ENCODED]&client_secret=[CLIENT_SECRET_URL_ENCODED]&refresh_token=[CLIENT_REFRESH_TOKEN_URL_ENCODED]"
The token expiration is 24 hours by default.
The refresh token expiration is 1,440 hours (60 days) by default.
Note
This can be changed in the "SailPoint.Fam.Server.RestApiService.dll.config" file. This change will require all the REST API services to be updated and restarted.
Endpoints - POST / Activities
The activities endpoint allows an external service to provide File Access Manager with activities for only the following application types:
- CIFS
- NFS
- Linux
- AWS S3
- Azure Files
Note
Since these activities follow the same path as any activity in File Access Manager, they can be enriched with DECs and data classification information. They can also produce alerts.
Sending activities request data sample
[
{
"applicationName": "APPLICATION NAME1",
"timestamp": "2022-12-18T10:40:58.9839062Z",
"userName": "administrator",
"objectName": "file_name.txt",
"action": "Read",
"resource": "\\\\host\\share1\\temp\\foler Name",
"userDomain": "acme",
"extraProperties": {
"ipAddress": "1.2.3.4",
"objectNewName": "",
"newResource": "",
"fileExtension": "txt",
"objectType": "File",
"oldName": "",
"oldResource": ""
}
},
{
"applicationName": "APPLICATION NAME2",
"timestamp": "2022-12-18T13:40:58.9839062Z",
"userName": "john_doe@acme.com",
"objectName": "personal_details.xlsx",
"action": "Write",
"resource": "\\\\host\\e$\\data",
"userDomain": "",
"extraProperties": {
"fileExtension": "txt",
"objectType": "File"
}
}
]
Mandatory Fields:
- applicationName
- timestamp (ISO 8601)
- userName
- objectName
- action
- resource
Sending activities response sample
The following is an activities response sample describing one successful activity and one failure:
{
"successfulActivities": 1,
"activityResponses": [
{
"activity": {
"applicationName": "APPLICATION NAME2",
"timestamp": "2022-12-18T13:40:58.9839062Z",
"userName": "john_doe@acme.com",
"objectName": "personal_details.xlsx",
"action": "Write",
"resource": "\\\\host\\e$\\data",
"userDomain": "",
"extraProperties": {
"fileExtension": "txt",
"objectType": "File"
}
},
"errorMsgs": [
"Application 'APPLICATION NAME2' not found or isn't supported. Discarding activity."
]
}
]
}