Prerequisites
Before proceeding you must be familiar with the following technologies:
- RESTful API
- JSON (JavaScript Object Notation)
- SCIM specifications (RFC7643, RFC7644)
You must also have an understanding of the IBM Security Verify Governance solution.
Restrictions
The SCIM framework implemented here restricts several features of the SCIM specification: filtering, paging, PATCH operations and bulk operations.
In particular, SCIM filter expressions that use the or logical operator, parentheses or brackets are not supported.
At this stage the supported operators are the following:
- and: logical operator
- eq: equals
- co: contains
- sw: starts with
- ew: ends with
Moreover, in a filter string each attribute must be preceded by its schema URN (e.g.
urn:ietf:params:scim:schemas:core:2.0:User:name.givenName co "James").
Additionally, the paging mechanism of the SCIM search request differs from the SCIM specification, which uses a 1-based startIndex into the result set. The paging mechanism adopted here is page based: the startPage field of the SCIM search request indicates the target page and the count field specifies the number of elements in that page.
Additionally, in the SCIM search request, attribute selection by means of the attributes and excludedAttributes parameters is not implemented yet.
PATCH operations are not implemented yet; replace (PUT) operations are available instead.
BULK operations are not implemented yet.
Some SCIM standard attributes are not mapped to the IBM Security Verify Governance data model. You can find this information by looking at the Resource Schema.
Authorization
When calling the SCIM API, you need an API token generated by calling the Login API method.
You must pass the token in the "Authorization" header as a Bearer token, e.g.
Authorization: Bearer WwgdmVyc2lvbj0iMS4wIiBlbmNv
Treat the token as a credential: send it only over TLS and keep it out of logs and URLs.
How to read this document
Every API is described by the following sections:
- URL: the endpoint to call
- Method: the HTTP method (GET, POST, DELETE, PUT)
- Attributes: the query parameters
- Parameters: the path parameters
- Headers: the HTTP header fields
- Request body: the JSON object to send in POST or PUT operations. This object is defined by the URN given in the Description column; you can obtain the object definition by calling the Resource Schema API with that URN.
ARM Workflow
The REST API for Access Request implements only the User Entitlement assignment workflow.
To operate this workflow, the following steps must be executed:
Generate Request
- Login
- Find GEN type workflow
- Find users by workflow
- Find the entitlements of the selected user (to update or remove entitlements)
- Find the roles to add for the selected user (to add entitlements)
- Generate the request with the entitlements to add and/or remove, with the selected user as beneficiary
Authorize (or Execute) Generated Request
- Login as an approver account
- Find AUTH type workflow
- Find the requests to work on
- Find detail for the selected request
- Authorize (or, where applicable, execute) the selected request