Web services API

This API consists of multiple web services, which are grouped by function. The services are listed alphabetically except the WSSessionService. This service is listed first since it is the first service that is called by any application. The session object that is returned by its login method is used as a parameter in all subsequent services.

WSSessionService

The WSSessionService web service provides authentication, session creation, and password challenge authentication. A client calls WSSessionService before you start any other web services. WSSessionService returns a session (handle) object that must be passed to the other web service calls to maintain a threaded conversation. The service provides the following operations:
  • Login.
  • Logout.

You can also use the WSUnauthService web service for other operations.

WSAccessService

The WSAccessService web service provides the following operations:
  • Create a user access.
  • Retrieve existing user access of a person.
  • Remove user access.
  • Search access entitlements available to a person.
The service provides following operations:
  • Create and modify accesses.
  • Do access searches.

WSAccountService

The WSAccountService web service provides the following operations to do account-related tasks:
  • Create, modify, and other simple account operations.
  • Retrieve default account attributes for a new account as specified by the provisioning policy.
  • Retrieve the account profile name for a service.

WSExtensionService

The WSExtensionService web service provides a framework to extend the existing web services that are used by users. The service provides the users to create an operation to show a new Identity Manager API. The detailed steps to create an extension service are specified in the ITIMWS.odt file, which is in the extensions.zip file.

From the Appliance Dashboard on the Identity Manager virtual appliance console, click Configure > Advanced Configuration > Custom File Management. From the All Files tab, go to directories/utilities and download the extensions.zip file and extract it. View the ITIMWS.odt file in \extensions\7.0\doc\ws.

WSGroupService

The WSGroupService web service provides group management functions. The service provides the following operations:
  • Create and remove groups.
  • Search groups.
  • Manage group membership.

WSOrganizationalContainerService

The WSOrganizationalContainerService web service provides Identity Manager organization tree traversal and retrieval methods.

WSPasswordService

The WSPasswordService web service provides password management functions. The service provides the following operations:
  • Validates the password as per the password policy rules.
  • Enables change or generate password.

WSPersonService

The WSPersonService web service provides person-object related methods. The service provides the following operations:
  • Create, modify, suspend, restore, delete, and other simple person operations.
  • Retrieve the services to which a person is entitled in Identity Manager or accounts.
  • Do person searches.
  • Retrieve the person object of the Principal.

WSProvisioningPolicyService

The WSProvisioningPolicyService web service deals with the provisioning policy. The service provides the following operations:
  • Search provisioning policies.
  • Create, modify, and delete provisioning policies.

WSRequestService

The WSRequestService web service provides the Identity Manager request related functions. The service provides the following operations:
  • Search for completed requests.
  • Retrieve pending requests.
  • Retrieve the request object that is based on the process ID or request ID.

WSRoleService

The WSRoleService web service provides role-based capabilities in the Identity Manager. The service provides the following operations:
  • Create and modify roles.
  • Do role searches.
  • Manage role hierarchy.

WSSearchDataService

The WSSearchDataService web service provides functions to search various Identity Manager directory objects. The search method does not enforce the Identity Manager ACIs, but a valid Identity Manager session is required to call these methods. The service provides the following operations:
  • Search for persons from root container.
  • Search for persons that are having an Identity Manager account.
  • Search for the possible delegates within Identity Manager for the logged-in user.
  • Retrieve the searchable attributes of an entity in Identity Manager.
  • Retrieve common searchable attributes for the Identity Manager entity.

WSServiceService

The WSServiceService web service provides Identity Manager-based managed services (end-point configuration) functions. The service provides the following operations:
  • Retrieve support data. For example, group data for UNIX, Linux®, or Microsoft Windows services.
  • Determine whether a password is required when provisioning on a service.
  • Retrieve services that are configured on Identity Manager.

WSSharedAccessService

The WSSharedAccessService web service provides many functions for the shared access module that is introduced in Identity Manager . The web service clients must call the login method before it calls any other web services. The service provides the following operations:
  • Retrieve authorized shared accesses.
  • Retrieve the credentials.
  • Check in or checkout credentials.
Note: You must install and enable the shared access module in order to use the WSSharedAccessService API.
For more information, see Shared access web services API.

WSSystemUserService

The WSSystemUserService web service provides the functions that are related to system users. The service provides the following operations:
  • Manage delegates, that is, add, modify, or delete delegates.
  • Retrieve all the system roles.
  • Configure challenge response.
  • Search for system users who have an Identity Manager account.

WSToDoService

The WSToDoService web service provides the functions to manage the different activities available in Identity Manager. The service provides the following operations:
  • Approve or reject activities.
  • Retrieve or Submit Request for information activity details.
  • Retrieve the pending activities of the logged-in user.

WSUnauthService

The WSUnauthService web service provides an interface for all the web service APIs that do not require the Identity Manager authentication. The service provides the following operations:
  • Version information.
  • Reset password by using the challenge responses.
  • Password policies.