Skip to content

Managing API Settings

The Non-Employee Risk Management API allows you and your applications to leverage product features programmatically. For example, you can use the API to support application integrations or to upload profile data.

To access the APIs, go to the SailPoint developer site.

Generating a New API Key

You can generate multiple API keys to fulfill individual use cases, making it easier to track API activity.

To manage and review API activity and keys:

  1. Go to Admin > System > Api in the left navigation.

    The KEYS and SETTINGS tabs are displayed.

  2. Select + Api Key.

  3. In the Name field, enter a unique name for the key and select create.

    A token is automatically generated and the key appears in the list of API keys. All API keys are displayed here, regardless of the admin who created them.

Managing Existing API Keys

You can update the names of existing API keys, delete them, or view their transaction history from the list of API keys.

To manage existing API keys, from the Admin console:

  1. Go to Admin > System > Api.

  2. To edit a specific API key, select the name of the key you want to edit.

    The INFO tab is displayed.

  3. To edit the API key's name, update the information in the Name field and select save.

  4. To review authentication requests submitted to the API gateway using this key, select the TRANSACTIONS tab.

    GET requests are not listed in this tab because they do not alter data.

Deleting an API Key

You can delete an API key if it is no longer needed.

To delete an API key:

  1. Go to Admin > System > Api.

  2. Select the checkbox beside each key you want to delete.

  3. Select the ellipsis icon and select Delete.

  4. Select Delete. Your API keys and their transaction histories are permanently deleted.

Updating API Security Settings

You can specify the IP addresses that can make API requests for your environment.

To update your API's security settings:

  1. Go to Admin > System > Api.

  2. Select the SETTINGS tab.

  3. Under IP WHITELIST, in the Permitted ips section, enter an IP address that should be allowed to make API calls.

  4. Select the Add to list icon .

  5. Repeat steps 3 and 4 until the Permitted ips list contains all IP addresses that should be allowed to access your environment's APIs.

    Select the Delete icon beside an IP address to remove it from the list.

  6. Select save.