CyberArk API Integration
These are the list of integration use cases supported by Knit for CyberArk API as part of the HRIS category
Create Employee
ID
: create_employeeOperation
: writeEntities
: employee, usersSummary
: The Create Employee API allows system administrators or users with user management rights to create a new employee in the system. The API requires a POST request to the specified endpoint with a JSON body containing employee details such as userName, emails, phoneNumbers, and optional fields like displayName, preferredLanguage, and more. The request headers must include an Authorization bearer token and specify the Content-Type as application/json. The response includes a detailed object with the created employee's information, including unique identifiers, name components, and metadata. The API ensures that the username and email are unique and valid, and it provides options to specify user attributes and organizational details.Input Fields
: Input FieldsOutput Fields
: Output Fields
Delete Group Identity API
ID
: delete_group_identity_apiOperation
: writeEntities
: identity, group, resourceSummary
: The Delete Group Identity API is used to delete a group resource identified by a unique group ID. The API requires an authorization bearer token in the request headers. The path parameter 'id' is mandatory and represents the unique group ID generated by the SCIM server. On successful deletion, the API returns a 204 No Content response. If the authorization token is expired or invalid, a 401 Unauthorized error is returned with a message indicating the user does not have access.Input Fields
: Input FieldsOutput Fields
: Output Fields
Delete User Identity API
ID
: delete_user_identity_apiOperation
: writeEntities
: identity, user, resourceSummary
: The Delete User Identity API is used to delete a user resource identified by a unique user ID. The API requires an authorization bearer token in the request headers. The path parameter 'id' is mandatory and represents the unique user ID generated by the SCIM server. On successful deletion, the API returns a 204 No Content response. If the authorization token is expired or invalid, a 401 Unauthorized error is returned with a message indicating the user is not authorized. If the user ID is not found, a 404 Not Found error is returned with details about the error.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get Group by ID - Identity API Reference
ID
: get_group_by_id_identityOperation
: readEntities
: member, metadata, groupSummary
: This API endpoint fetches a group by its unique ID attribute (group UUID) from the SCIM server. The request requires a path parameter 'id' which is the unique group ID. The request headers must include an 'Authorization' bearer token. The response includes the group's unique identifier, display name, list of members, schemas, linked object attributes, and metadata. If the request is unauthorized, a 401 error is returned with a message indicating the user is not authorized. If the group is not found, a 404 error is returned with a detailed message.Input Fields
: Input FieldsOutput Fields
: Output Fields
Query Groups Identity API
ID
: get_query_groups_identityOperation
: readEntities
: member, group, resourceSummary
: The Query Groups Identity API fetches all the groups from the SCIM service. It supports filtering, sorting, and pagination of results. The API requires an Authorization header with a Bearer token. The response includes a list of group resources, each with attributes such as id, displayName, members, and metadata. The API can return partial results based on filter query attributes like displayName and supports operators such as eq, sw, co, and ew. Sorting can be done by displayName in ascending or descending order. Pagination is supported through startIndex and count query parameters.Input Fields
: Input FieldsOutput Fields
: Output Fields
Query Users Identity API
ID
: get_query_users_identityOperation
: readEntities
: manager, user, groupSummary
: The Query Users Identity API fetches all users that are part of CyberArk Identity. It supports filtering, sorting, and pagination of results. The API requires an Authorization header with a Bearer token. Supported filter attributes include userName and emails.value, with operators such as eq, sw, co, and ew. Sorting can be done by attributes like userName and displayName. The response includes user details such as id, name, displayName, preferredLanguage, active status, emails, phoneNumbers, groups, userName, and metadata.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get User by ID - Identity API
ID
: get_user_by_id_identity_apiOperation
: readEntities
: manager, user, groupSummary
: The 'Get User by ID - Identity API' allows clients to fetch user details using the user's unique ID (UUID) generated by the SCIM server. The API requires an Authorization header with a Bearer token for authentication. The path parameter 'id' is mandatory and represents the unique user ID. The response includes detailed user information such as name, display name, preferred language, active status, emails, phone numbers, groups, and metadata. The API also handles error responses for unauthorized access (401) and not found (404) scenarios.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update Group with Patch - Identity API
ID
: patch_update_group_with_patch_identity_apiOperation
: writeEntities
: schema, group, operationSummary
: This API endpoint is used to update one or more attributes of a Group resource using a sequence of operations to 'add', 'remove', or 'replace' values. The request requires a unique group id as a path parameter and a body containing the operations to be performed and the schemas. The response includes a 200 status code with the updated group details, or error codes 400, 401, and 404 for bad request, unauthorized access, and not found errors respectively.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update User Attributes via SCIM Patch
ID
: patch_update_user_attributesOperation
: writeEntities
: user, attribute, operationSummary
: This API endpoint allows updating one or more attributes of a User resource using SCIM Patch operations. The request requires a unique user ID in the path and a sequence of operations in the body to 'add', 'remove', or 'replace' values. The request headers must include an Authorization bearer token and specify the Content-Type as application/json. The response includes the updated user attributes, such as name, display name, preferred language, active status, emails, phone numbers, groups, and metadata. The API also handles error responses for bad requests, unauthorized access, and not found errors.Input Fields
: Input FieldsOutput Fields
: Output Fields
Add Additional Attributes to Tenant Schema
ID
: post_add_additional_attributes_to_tenant_schemaOperation
: writeEntities
: tenant, schema, attributeSummary
: This API allows system administrators to add new attributes to the tenant schema or update existing attributes. The request body must include all current attributes in the schema plus any new attributes to be added. The API requires authorization via a Bearer token and accepts JSON formatted data. The response includes a result object indicating success or failure, with detailed error messages if applicable.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get Additional Attributes for CyberArk Identity User
ID
: post_additional_attributes_identityOperation
: readEntities
: user, attribute, system administratorSummary
: This API is used to retrieve the list of all current attributes and their values for a CyberArk Identity user. It can be invoked by system administrators, users with user management rights, or the user itself. The API returns a list of extensible attributes set for the specified user, excluding unset attributes unless specified using the 'IncludeNulls' parameter. The request requires the user's ID and the table name from which to fetch attributes. The response includes the result object with attribute values and potential error messages if the request fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Advance Bulk User Import - Identity API
ID
: post_advance_bulk_user_import_identityOperation
: writeEntities
: admin, user, cloud directorySummary
: The Advance Bulk User Import - Identity API allows system administrators and users with user management rights to create users in bulk in the CyberArk Identity cloud directory. This API is the second part of a two-step process, where the first step involves uploading a CSV file with user information. The API endpoint '/CDirectoryService/SubmitUploadedFile' is used to submit the uploaded file for processing. The request requires a query parameter 'importType' set to 'ImportBulkUser', and a request body containing 'ReturnID' from the preceding API call, 'AdminEmail' of the admin, and boolean flags 'SendSmsInvite' and 'SendEmailInvite'. The response includes a 'Result' object indicating the success or failure of the operation, with detailed error information if applicable.Input Fields
: Input FieldsOutput Fields
: Output Fields
Change User State - Identity API
ID
: post_change_user_state_identityOperation
: writeEntities
: user, user management right, system administratorSummary
: The Change User State - Identity API allows authorized users to change the state of a user from disabled to active or vice versa. Only system administrators, users with user management rights, or the user itself can invoke this API. However, the API will fail if the user itself tries to change its user state. The request requires a JSON body with 'uuid' (the unique ID of the user) and 'state' (a boolean indicating the desired state: true for active, false for suspended). The response includes a 'Result' object indicating success or failure, with detailed error information if applicable.Input Fields
: Input FieldsOutput Fields
: Output Fields
Check if User is Locked - Identity API
ID
: post_check_if_user_is_lockedOperation
: readEntities
: exception, user, system administratorSummary
: This API checks if a user is locked in the system. It requires the user to be a system administrator or have user management permissions, or the user may check for themselves. The request requires an authorization header with a bearer token and a query parameter specifying the user's name or UUID. The response includes a result object indicating whether the user is locked, along with potential error information if the request fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Check if user is locked out by policy
ID
: post_check_if_user_is_locked_out_by_policyOperation
: readEntities
: user, MFA challenge, system administratorSummary
: This API checks if a user is locked out by policy, meaning they cannot answer MFA challenges and authenticate against CyberArk Identity. It is accessible by system administrators, users with user management rights, or the user themselves. The user ID is passed as a query parameter, and an empty string can be used to test the currently logged-in user. Administrative users can test other users. The API returns true if the user is locked out and false otherwise. The response includes detailed information about the result, any errors, and success status.Input Fields
: Input FieldsOutput Fields
: Output Fields
Create Employee
ID
: post_create_employeeOperation
: writeEntities
: employee, usersSummary
: The Create Employee API allows system administrators or users with user management rights to create a new employee in the system. The API requires a POST request to the specified endpoint with a JSON body containing employee details such as userName, emails, phoneNumbers, and optional fields like displayName, preferredLanguage, and more. The request headers must include an Authorization bearer token and specify the Content-Type as application/json. The response includes a detailed object with the created employee's information, including unique identifiers, name components, and metadata. The API ensures that the username and email are unique and valid, and it provides options to specify user attributes and organizational details.Input Fields
: Input FieldsOutput Fields
: Output Fields
Create Group Identity API
ID
: post_create_group_identityOperation
: writeEntities
: role, group, cloud directorySummary
: The Create Group Identity API allows for the provisioning of a new group (role) to the CyberArk Cloud Directory. It uses the SCIM POST operation to create a group with a unique display name, optional members, and schemas. The request requires an Authorization header with a Bearer token and a Content-Type of application/json. The response includes a unique identifier for the group, display name, members, schemas, linked object attributes, and metadata. Possible response codes include 201 for successful creation, 400 for bad requests, 401 for unauthorized access, and 409 for conflicts.Input Fields
: Input FieldsOutput Fields
: Output Fields
Create Organization Identity API
ID
: post_create_organization_identityOperation
: writeEntities
: organization, API call, system administratorSummary
: The Create Organization Identity API allows system administrators to create a new organization by providing a name and an optional description. The API requires an authorization bearer token and the content type must be set to application/json. The request body must include the 'Name' parameter, while 'Description' is optional. Upon successful creation, the API returns the unique ID, path, description, and name of the organization. In case of errors, detailed error messages are provided, such as when the organization name already exists or if the 'Name' parameter is missing.Input Fields
: Input FieldsOutput Fields
: Output Fields
Create User - Identity API
ID
: post_create_user_identityOperation
: writeEntities
: organization, user, roleSummary
: The Create User - Identity API allows system administrators or users with user management rights to create a new user in the system. The API requires a POST request to the specified endpoint with a JSON body containing user details such as userName, emails, phoneNumbers, and optional fields like displayName, preferredLanguage, and more. The request headers must include an Authorization bearer token and specify the Content-Type as application/json. The response includes a detailed object with the created user's information, including unique identifiers, name components, and metadata. The API ensures that the username and email are unique and valid, and it provides options to specify user attributes and organizational details.Input Fields
: Input FieldsOutput Fields
: Output Fields
Delete Organization - Identity API
ID
: post_delete_organization_identity_apiOperation
: writeEntities
: organization, API call, system administratorSummary
: The Delete Organization - Identity API allows a system administrator to delete an organization by providing the unique organization ID. The API requires an authorization bearer token and the content type must be set to application/json. The request body must include the 'OrgId' parameter, which is the unique ID of the organization to be deleted. The response will include a 'Result' object indicating the success or failure of the operation, with detailed error information if applicable.Input Fields
: Input FieldsOutput Fields
: Output Fields
Delete Users - Identity API
ID
: post_delete_users_identity_apiOperation
: writeEntities
: directory service, user, administratorSummary
: The Delete Users - Identity API allows system administrators or users with user management permissions to delete cloud users. Users from other directory services are only removed from the cloud. The API will fail if any of the specified user IDs are the current user. The request requires a list of user UUIDs in the body, and the headers must include 'Accept', 'Authorization', and 'Content-Type'. The response includes a 'Result' object for successful operations or an 'Error' object if there is a failure.Input Fields
: Input FieldsOutput Fields
: Output Fields
Disable or Enable a User Account
ID
: post_disable_enable_user_accountOperation
: writeEntities
: account, user, system administratorSummary
: This API is used to lock or unlock a user account. It can be invoked by a system administrator, users with user management rights, or the user itself. The API requires the unique user ID and a boolean parameter 'lockUser' to specify whether the account should be locked. The response includes a result object indicating success or failure, and in case of failure, it provides error details.Input Fields
: Input FieldsOutput Fields
: Output Fields
Exempt a user from MFA - Identity API Reference
ID
: post_exempt_user_from_mfaOperation
: writeEntities
: mfa, user, system administratorSummary
: This API allows a system administrator or a user with user management permissions to exempt a user from Multi-Factor Authentication (MFA) login for a specified amount of time. The request requires the user's UUID as a query parameter and optionally a timespan for the exemption duration. The response includes a standard result object and an error object which may contain error message text if the operation fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Fetch attributes for a specified user
ID
: post_fetch_attributes_for_a_specified_userOperation
: readEntities
: directory service, user, attributeSummary
: This API fetches attributes for a specified user. The attributes vary depending on the type of directory service the user belongs to. The request requires headers including 'Accept', 'Authorization', and 'Content-Type'. The query parameters include 'id' for the User UUID and 'directoryServiceUuid' for the directory service UUID. The response returns a 'Result' object containing user attributes and an 'Error' object which may contain error messages if the request fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Fetch Technical Support User Identity API
ID
: post_fetch_technical_support_user_identityOperation
: readEntities
: support, identity, userSummary
: The Fetch Technical Support User Identity API allows system administrators or users with user management permissions to retrieve information about a technical support user. The request is made using a POST method to the specified endpoint with necessary headers including 'Accept', 'Authorization', and 'Content-Type'. The response includes the support user's UUID, name, and password expiration date. In case of an error, an error message may be returned.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get Administrative Rights - Identity API
ID
: post_get_administrative_rights_identity_apiOperation
: writeEntities
: organization, entity, admin rightSummary
: The 'Get Administrative Rights - Identity API' allows users with AdminUI task permission to retrieve administrative rights for a specified organization. The API requires a POST request to the endpoint 'https://{tenant_url}/Org/GetPermission' with headers including 'Accept', 'Authorization', and 'Content-Type'. The request body must contain the 'OrgId' of the organization to update. The response includes a 'Result' array detailing the updated admin rights, and an 'Error' object that may contain error messages if the operation fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get Administrators - Identity API Reference
ID
: post_get_administrators_identity_api_referenceOperation
: readEntities
: organization, administratorSummary
: This API is used to retrieve the list of administrators for a specified organization. It requires the unique organization ID as a parameter in the request body. The API can be invoked by users with AdminUI task permission. The response includes details about the administrators, such as their names, IDs, and other metadata. If the 'OrgId' parameter is missing, an error message will be returned.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get All Organizations - Identity API
ID
: post_get_all_organizations_identity_apiOperation
: readEntities
: member, organization, administratorSummary
: This API is used to retrieve a list of all organizations. It requires an authorization bearer token in the headers. Optionally, a 'format' query parameter can be provided to specify the result format, such as 'Query'. The response includes a 'Result' object containing details about the organizations, such as their unique ID, name, path, administrators, and member count. In case of errors, the response will include error details like ErrorID, ErrorCode, and Exception messages.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get Organization Roles - Identity API
ID
: post_get_organization_rolesOperation
: readEntities
: organization, roleSummary
: This API is used to retrieve the roles for a specific organization by providing the organization's unique ID. The request requires an authorization bearer token and the organization ID in the request body. The response includes a detailed list of roles and associated rights in a structured format. If the 'OrgId' parameter is missing, an error message will be returned.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get Schema - Identity API Reference
ID
: post_get_schema_identity_api_referenceOperation
: readEntities
: table, schema, attributeSummary
: The Get Schema - Identity API Reference is used to obtain a list of the current attributes (columns) for a table in the Tenant's extended schema. It is accessible by system administrators, users with user management rights, or the user itself. The API returns a list of all extensible attributes present in the specified table, along with their details. This is essential for adding or updating the Tenant schema as all existing attributes must be included. The request requires a 'Table' parameter in the body, specifying the name of the table to examine. The response includes details of the columns such as title, type, and whether they are user-editable. In case of errors, appropriate error messages and codes are provided.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get User Settings - Identity API Reference
ID
: post_get_user_settings_identityOperation
: readEntities
: error, identity, user settingSummary
: The 'Get User Settings - Identity API Reference' API allows clients to retrieve user settings based on the specified user ID and setting type. The API requires a POST request to the endpoint 'https://{tenant_url}/Core/GetUserSettings'. The request must include headers for 'Accept', 'Authorization', and 'Content-Type'. The query parameters 'ID' and 'SettingType' are required to specify the user and the type of settings to retrieve. The response includes a 'Result' array containing the user settings in UI Query Response format, and an 'Error' object that may contain error message text on failure.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get Users Details - Identity API
ID
: post_get_users_details_identityOperation
: readEntities
: system administrator, user, cloud directorySummary
: The 'Get Users Details - Identity API' allows system administrators and users with user management rights to fetch a list of all existing users in the cloud directory. This API is a POST request to the endpoint 'https://{tenant_url}/CDirectoryService/GetUsers' and does not require any parameters in the request body. The request must include an 'Authorization' header with a valid bearer token. The response includes details such as ID, name, and other attributes of all users in the cloud directory. The API response provides a comprehensive list of users, which can be used to check if a user already exists before adding a new one. The response includes a 'Result' object with user details, and in case of unauthorized access, an error message is returned.Input Fields
: Input FieldsOutput Fields
: Output Fields
Invite Cloud Users - Identity API
ID
: post_invite_cloud_usersOperation
: writeEntities
: user, role, groupSummary
: The Invite Cloud Users API allows system administrators or users with user management permissions to invite users or groups to the cloud system. The API requires an authorization bearer token and accepts a JSON body with details about the invitations, including whether to send SMS or email invites, the entities to invite, and optional role and group invite settings. The response includes a standard result object and an error object if applicable.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get Organization Details - Identity API
ID
: post_organization_details_identity_apiOperation
: readEntities
: organization, detail, identitySummary
: This API is used to retrieve details of a specific organization by providing its unique ID. The request requires headers for 'Accept', 'Authorization', and 'Content-Type', and a body containing the 'OrgId'. The response includes a 'Result' object with details of the organization if successful, or an 'Error' object with error messages if the request fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get Risk Level for a Specified User
ID
: post_risk_level_for_userOperation
: readEntities
: risk level, user, cloud directorySummary
: This API enables system administrators with user management rights to fetch the risk level details of an existing user in the Cloud Directory. The API retrieves the latest risky event of a user and the point-in-time risk generated by the system. The request requires the user's unique ID in the request body and appropriate authorization headers. The response includes the user's unique ID, risk level, and success status. In case of failure, error details are provided.Input Fields
: Input FieldsOutput Fields
: Output Fields
Send Invitation Email - Identity API
ID
: post_send_invitation_email_identityOperation
: writeEntities
: invitation email, user, administratorSummary
: The Send Invitation Email - Identity API allows system administrators to send invitation emails to a list of users identified by their UUIDs. The API requires a POST request to the endpoint 'https://{tenant_url}/UserMgmt/SendLoginEmails'. The request must include headers for 'Accept', 'Authorization', and 'Content-Type', and a JSON body containing an array of user UUIDs under the 'ID' key. The response will include a 'Result' object indicating success or an 'Error' object with a message if the operation fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Send Invitation SMS - Identity API
ID
: post_send_invitation_sms_identityOperation
: writeEntities
: user management permission, user, system administratorSummary
: The Send Invitation SMS - Identity API allows system administrators or users with user management permissions to send an invitation SMS to a user identified by their UUID. The API requires an Authorization header with a Bearer token. The request must include the user's UUID as a query parameter. The response will contain a standard result object and may include an error message if the operation fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Set Additional Attributes for CyberArk Identity User
ID
: post_set_additional_attributes_for_cyberark_identity_userOperation
: writeEntities
: user, attribute, system administratorSummary
: This API is used to update the extended attribute values for a CyberArk Identity user. It can be invoked by system administrators, users with user management rights, or the user itself. The API requires the user ID, the table name, and the columns with new values to update. The attribute value can be a string, date, boolean, double, or integer and must match the column definition. To clear an attribute's value, it can be set to null. The response includes a result object indicating success or failure, and in case of failure, detailed error messages are provided.Input Fields
: Input FieldsOutput Fields
: Output Fields
Set User State in CyberArk Identity
ID
: post_set_user_state_in_cyberark_identityOperation
: writeEntities
: account, user, stateSummary
: The Set User State API in CyberArk Identity allows system administrators and users with user management permissions to lock, disable, or set a Cloud Directory account to expired. The API accepts a POST request to the endpoint https://{tenant_url}/CDirectoryService/SetUserState with a JSON body containing the 'ID' of the user and the desired 'state' (None, Locked, Disabled, or Expired). The request must include an Authorization header with a Bearer token. The response includes a 'Result' object indicating success or failure, and an 'Error' object with messages for invalid inputs.Input Fields
: Input FieldsOutput Fields
: Output Fields
Set User's Picture via Identity API
ID
: post_set_users_pictureOperation
: writeEntities
: user, picture, administratorSummary
: This API allows setting a user's picture/photo for a particular user. It can be invoked by system administrators, users with user management rights, or the user itself. The request requires a User UUID as a query parameter and a file containing the user's picture in the request body. The response includes a success flag, URI path to the user's picture, and potential error messages if the operation fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Start Bulk User Import in CyberArk Identity Cloud Directory
ID
: post_start_bulk_user_importOperation
: writeEntities
: csv file, user, cloud directorySummary
: This API is used to initiate the bulk user import in the CyberArk Identity cloud directory. It is intended for system administrators and users with user management rights. The API takes a CSV file containing user information and the file name as form-data in the request. Upon invocation, the API reads the list of users and their information from the CSV file, stores the file in cloud storage, and returns a ReturnID with the formatted name of the CSV. The CSV file is validated for correct data formatting, and validation errors are returned if the information is not correctly formatted. The request requires an authorization bearer token and the content type to be set to application/json. The response includes a result object with details of the operation, including any errors or exceptions encountered.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update AD User Attributes
ID
: post_update_ad_user_attributesOperation
: writeEntities
: active directory user, attribute, system administratorSummary
: This API is used to update the value of different attributes for CyberArk Identity active directory users. System administrators and users with user management rights, or the user itself can invoke this API. To update multiple attributes, add them in the request body and make the update call with this API. The JSON in the request body must include the unique id of the active directory user for whom the update has to be made. The request includes headers for Accept, Authorization, and Content-Type, and a body with attributes such as CmaRedirectedUserUuid, ID, MobileNumber, and OrgPath. The response includes a Result object indicating success or failure, and an Error object with messages for invalid or empty user IDs.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update Administrative Rights - Identity API
ID
: post_update_administrative_rights_identityOperation
: writeEntities
: permission, right, organizationSummary
: The Update Administrative Rights API allows a system administrator to update permissions for an organization. The request requires an authorization bearer token and a JSON body specifying the organization ID, rights to grant, and rights to revoke. The response includes a resulting object or an error message if the operation fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update Administrators for Organization
ID
: post_update_administrators_for_organizationOperation
: writeEntities
: organization, user, administratorSummary
: The 'Update Administrators for Organization' API allows a system administrator to add or delete administrators for a specified organization. The API requires the unique organization ID ('OrgId') and details of users to be added ('Grant') or deleted ('Revoke'). The request body must include these details in JSON format. The response will indicate success or provide error details if the operation fails. The API returns a structured response with potential error messages and a success flag.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update Base Profile Identity API
ID
: post_update_base_profile_identityOperation
: writeEntities
: cloud user, user, system administratorSummary
: The Update Base Profile Identity API allows authorized users to update information for a specified cloud user. This API can be invoked by system administrators, users with user management rights, or the user themselves. The request body must include the unique ID of the cloud user to be changed, along with optional fields such as display name, email, and phone numbers. The response will indicate success or provide error details if the operation fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update Organization Identity API
ID
: post_update_organization_identityOperation
: writeEntities
: organization, identity, system administratorSummary
: The Update Organization Identity API allows a system administrator to update the details of an organization. The API requires the unique organization ID and optionally accepts a new name and description for the organization. The request must include headers for Accept, Authorization, and Content-Type. The response will include a result object indicating success or failure, with detailed error messages if applicable.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update Organization Membership
ID
: post_update_organization_membershipOperation
: writeEntities
: member, organization, entitySummary
: The Update Organization Membership API allows you to add or delete members for an organization. You need to provide the unique ID for the organization and the details of the members to be added or deleted. The request body includes 'Add' and 'Remove' arrays for specifying members to add or remove, and the 'OrgId' which is required. The response includes a 'Result' object indicating success or failure, and an 'Error' object with error messages if applicable.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update User Profile - Identity API
ID
: post_update_user_profileOperation
: writeEntities
: user, profile, attributeSummary
: The Update User Profile API allows system administrators, users with user management rights, or the user itself to update an existing cloud user's properties. The API endpoint is 'https://{tenant_url}/User/UpdateProfile' and it uses the POST method. The request body must include the unique ID of the cloud user to update, and can optionally include other user details such as home number, display name, office number, mobile number, email, and more. The response will indicate success or provide error details if the update fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get User Attributes - Identity API
ID
: post_user_attributes_identityOperation
: readEntities
: identity, user, attributeSummary
: The 'Get User Attributes - Identity API' allows clients to retrieve detailed information about a cloud user. The API requires a POST request to the specified endpoint with an authorization bearer token in the headers. The response includes user attributes such as name, email, phone numbers, and other personal details. If successful, the 'Result' object contains these details. In case of failure, an 'Error' object may be returned.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get User Details by Name - Identity API
ID
: post_user_details_by_nameOperation
: readEntities
: permission, user, cloudSummary
: The 'Get User Details by Name - Identity API' allows you to retrieve details of a cloud user by their username. The request requires you to be the specified user, a system administrator, or have user management permissions. The API endpoint is accessed via a POST request to 'https://{tenant_url}/CDirectoryService/GetUserByName'. The request headers must include 'Accept', 'Authorization', and 'Content-Type'. The request body must contain the 'username' of the user whose details are to be fetched. The response includes detailed information about the user such as their name, contact numbers, email, and other attributes. If the request fails, an error message is returned.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get User Details - Identity API
ID
: post_user_details_identityOperation
: readEntities
: system administrator, user, cloud directorySummary
: The Get User Details API allows system administrators, users with user management rights, or the user itself to fetch details of a specific existing user in the cloud directory. The API requires a POST request with the user's unique ID in the request body. The response includes user details such as ID, name, email, and other attributes. Only authorized users can fetch details of other users, while standard users can only access their own details. The response also includes error information if the request fails.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get User Hierarchy - Identity API
ID
: post_user_hierarchy_identity_apiOperation
: readEntities
: hierarchy, directory service, userSummary
: The Get User Hierarchy API is used to retrieve the reporting hierarchy for a specified user. The API requires an optional query parameter 'id' which is the unique identifier for the user whose hierarchy is to be fetched. If not provided, it defaults to the current user. The request headers must include 'Accept', 'Authorization', and 'Content-Type'. The response includes a 'Result' object containing details about the user and their hierarchy, along with error information if applicable. The 'Result' object includes properties such as 'Uuid', 'Name', and other user-specific properties. The 'success' field indicates if the API call was successful.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get User Information - Identity API
ID
: post_user_information_identityOperation
: readEntities
: tenant, directory service, userSummary
: The 'Get User Information - Identity API' allows authorized users to retrieve detailed information about a specific user within the system. This API can be invoked by system administrators, users with user management rights, or the user themselves. It is a high CPU intensive call, so results should be cached as needed. The request requires headers for 'Accept', 'Authorization', and 'Content-Type'. The query parameter 'id' is optional and specifies the unique ID of the user to fetch attributes for. The response includes a comprehensive set of user attributes such as email address, display name, directory service details, and various configuration settings. The response also indicates success or failure and provides error details if applicable.Input Fields
: Input FieldsOutput Fields
: Output Fields
Get User Roles and Administrative Rights
ID
: post_user_roles_and_admin_rightsOperation
: readEntities
: user role, administrative right, system administratorSummary
: This API is used to retrieve a list of user roles and administrative rights associated with those roles. It is accessible only to system administrators or users with user management rights. The request requires a unique user ID as a query parameter and accepts additional arguments in the request body to control pagination, caching, and sorting. The response includes detailed information about the user's roles, administrative rights, and any errors encountered during the request.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update Group Identity API
ID
: put_update_group_identityOperation
: writeEntities
: member, schema, groupSummary
: The Update Group Identity API is used to replace a group resource's attributes using the SCIM PUT operation. The API endpoint requires a unique group ID as a path parameter. The request body must include the 'displayName' of the group, and optionally, the 'members' and 'schemas' attributes. The response includes the updated group details, such as 'id', 'displayName', 'members', 'schemas', and metadata. The API returns various HTTP status codes, including 200 for success, 400 for bad requests, 401 for unauthorized access, and 404 for not found errors.Input Fields
: Input FieldsOutput Fields
: Output Fields
Update User Identity API
ID
: put_update_user_identityOperation
: writeEntities
: manager, user, attributeSummary
: The Update User Identity API is used to replace a user resource's attributes using the SCIM PUT operation. The API endpoint is 'https://{tenant_url}/scim/Users/{id}', where 'id' is the unique user id generated by the SCIM server. The request requires a JSON body containing user attributes such as 'name', 'displayName', 'preferredLanguage', 'active', 'userName', 'emails', 'phoneNumbers', and optional extended attributes. The response returns the updated user details, including 'id', 'name', 'displayName', 'preferredLanguage', 'active', 'emails', 'phoneNumbers', 'groups', 'userName', 'schemas', and metadata. The API supports error responses for bad requests, unauthorized access, and not found errors.Input Fields
: Input FieldsOutput Fields
: Output Fields
Updated about 1 month ago