Calling IDM REST APIs from within workflows

Identity Manager since 4.5 provides REST APIs within the IDM Applications which has been used to develop the erstwhile dash/landing User Interface and the latest Identity Manager Dashboard since 4.6. The latest UI has been developed on top of these REST End Points. These REST End Points can be leveraged to get information about identities, their relationships, permissions. They can also be used to request access, or approve a request.

Sometimes (actually a lot of times), these APIs can be used from within the workflows or forms to get necessary information.

Couple of examples, build a user lookup widget in the forms can use the REST api to get users from the system (*&clientId=1&nextIndex=11&size=10&sortOrder=asc&sortBy=FirstName).

Similarly if you want to get information about logged in user in forms you can get that by using REST API to get logged in user's information (/IDMProv/rest/access/users/userDefaults).

You can get more information about the REST APIs available with the IDM Applications by referring to the REST API Documentation available within the product by referring to https://identity applications servername:8643/idmappsdoc URL.

Here is a sample PRD that gets the logged in user information using REST APIs in the approval form.

prd -- UserDefaults



How To-Best Practice
Comment List
  • Thank for this useful tip.

    I found that if you use RoleVault API after this call, you get:

    [ERROR] AntiCsrfServletFilter [RBPM] Potential CSRF(Cross-site Request Forgery)

    If you want to fix that, add the following:

    var netiq_idm_rbpm_acsrf = getCookie("netiq_idm_rbpm_acsrf");
    xmlhttp.setRequestHeader("netiq_idm_rbpm_acsrf", netiq_idm_rbpm_acsrf);

  • Thankyou Aditya,

    Do you have sample PRD for invoking Workflow in IDM4.7? since RIS API is dropped from IDM4.7 , would like to know how to invoke workflow using newREST APIs to  track the status of completion. 



  • This looks awesome Aditya, thanks fore providing the example.

    One question I have: is it possible to read any DAL entity via the REST API, assuming the logged in user has enough rights to see said entity in eDirectory? Have skimmed through it and could not identify a way to do so.
Related Discussions