Chat now with support
Chat with Support

Identity Manager 9.3 - API Development Guide

Response formats

Most API methods return results in JSON format (application/json). Furthermore, there is support for results in CSV and PDF format as long as the result of the respective API method is declared as exportable (with the AllowExport flag). Basically, an API method can return results in any format compatible with HTTP.

To obtain results in CSV format

  • In the request, set Accept header to text/csv.

To obtain results in PDF format

  • In the request, set Accept header to applciation/pdf.

    NOTE: To obtain results in PDF format, the RPS module must be installed on your system.

Related topics

Authentication

User authentication is carried out on the API Server for each API project.

Running an API method requires prior authentication on an API project. If the API method is marked as AllowUnauthenticated, authentication is not required (you can find an example in the SDK)

Authentication has two steps:

  1. Required primary authentication: Default authentication through an authentication module

  2. Optional secondary authentication: Multi-factor authentication (using OneLogin)

For more information about configuring authentication, see the One Identity Manager Web Application Configuration Guide.

Related topics
Detailed information about this topic

Configuring authentication

You can specify how users authenticate themselves on your API. You configure authentication in the API project.

To configure authentication

  1. Edit your API project.

  2. Create the SessionAuthDbConfig class and populate the following properties:

    1. Product: Specify the application with the authentication module that you want to use (for example the WebDesigner or the Manager),

    2. SsoAuthentifiers: Specify the single sign-on authentication modules to use.

    3. ExcludedAuthentifiers: Specify the authentication modules not to use.

Authentication (primary)

You can use the imx/login/<API project name> API method for primary authentication on the API project.

To do this, use the POST HTTP method to send a request containing the following:

{ "Module": "RoleBasedPerson", "User": "<user name>", "Password": "<password>" }

TIP: See the SDK for examples.

Security mechanisms

The API Server uses a security mechanism to prevent cross-site request forgery (XSRF) attacks. This randomly generates a token (XSRF-TOKEN) and sends it to the client in a cookie at login. The client must then transmit the value of this token in an HTTP header (X-XSRF-TOKEN) in each request sent to the server. If this header is missing, the request is terminated with error code 400.

NOTE: If an API request breaks off with an error and indicates an incorrect CSRF protection cookie, check if your browser accepts the cookies sent by the browser.

TIP: You can change the name and path of the cookie and the name of the HTTP header in the Administration Portal. To do this, use the Name of the cookie containing the CSRF protection token issued by the server (XsrfProtectionCookieName) and Path for the CSRF protection cookie (XsrfProtectionCookiePath) configuration keys.

You can also disable CSRF protection in the Administration Portal (Globally disable CSRF protection tokens (XsrfProtectionDisabled) configuration key). One Identity does not recommend doing this.

For more information about editing configuration keys, see the One Identity Manager Web Application Configuration Guide.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating