title: REST API Reference category: Administration tags: API, REST, endpoints, integration, automation, programmatic priority: Normal
REST API Reference
IdentityCenter provides a REST API for programmatic access to your identity data. Use it to integrate with other tools, build custom workflows, or automate tasks.
Base URL
The API is accessible at your IdentityCenter URL with the /api prefix:
https://your-identitycenter-server/api
Authentication
All API requests require authentication. Include a valid bearer token in the Authorization header:
Authorization: Bearer <your-token>
To obtain a token, authenticate through the standard login endpoint.
Endpoints
Users
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/users |
List all users with optional filtering |
GET |
/api/users/{id} |
Get a specific user by ID |
GET |
/api/users/{id}/groups |
Get group memberships for a user |
GET |
/api/users/{id}/attributes |
Get all attributes for a user |
Query Parameters for /api/users:
| Parameter | Type | Description |
|---|---|---|
search |
string | Search by name, email, or account name |
department |
string | Filter by department |
status |
string | Filter by status: active, disabled, all |
connectionId |
guid | Filter by source connection |
page |
int | Page number (default: 1) |
pageSize |
int | Items per page (default: 50, max: 200) |
Example:
GET /api/users?department=IT&status=active&page=1&pageSize=25
Groups
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/groups |
List all groups |
GET |
/api/groups/{id} |
Get a specific group |
GET |
/api/groups/{id}/members |
Get members of a group |
Objects
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/objects |
List all objects with filtering |
GET |
/api/objects/{id} |
Get a specific object |
GET |
/api/objects/{id}/attributes |
Get all attributes for an object |
Query Parameters for /api/objects:
| Parameter | Type | Description |
|---|---|---|
objectClass |
string | Filter by class: user, group, computer, etc. |
connectionId |
guid | Filter by source connection |
search |
string | Search by name or DN |
isActive |
bool | Filter by active status |
Persons (Identities)
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/persons |
List all person records |
GET |
/api/persons/{id} |
Get a specific person |
GET |
/api/persons/{id}/objects |
Get all linked objects for a person |
Connections
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/connections |
List all directory connections |
GET |
/api/connections/{id} |
Get a specific connection |
POST |
/api/connections/{id}/test |
Test a connection |
Synchronization
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/sync/projects |
List all sync projects |
GET |
/api/sync/projects/{id} |
Get a specific sync project |
POST |
/api/sync/projects/{id}/run |
Trigger a sync run |
GET |
/api/sync/history |
Get sync execution history |
GET |
/api/sync/history/{id} |
Get details for a specific run |
Access Reviews
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/reviews/campaigns |
List all campaigns |
GET |
/api/reviews/campaigns/{id} |
Get campaign details |
GET |
/api/reviews/campaigns/{id}/items |
Get review items for a campaign |
Policies & Violations
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/policies |
List all policies |
GET |
/api/policies/{id}/violations |
Get violations for a policy |
GET |
/api/violations |
List all open violations |
Health
| Method | Endpoint | Description |
|---|---|---|
GET |
/api/health |
System health check |
Response Format
All responses are JSON. Successful responses follow this format:
{
"data": [ ... ],
"totalCount": 150,
"page": 1,
"pageSize": 50
}
Error responses:
{
"error": "Not Found",
"message": "User with ID '...' was not found",
"statusCode": 404
}
Rate Limiting
The API enforces rate limits to protect system performance:
| Limit | Value |
|---|---|
| Requests per minute | 60 |
| Requests per hour | 1,000 |
| Max page size | 200 |
If you exceed the rate limit, you'll receive a 429 Too Many Requests response with a Retry-After header.
Common Integration Patterns
Export Users to CSV
Use the users endpoint with pagination to export all users:
GET /api/users?page=1&pageSize=200
GET /api/users?page=2&pageSize=200
... (continue until all pages retrieved)
Monitor Sync Health
Poll the sync history endpoint to check for failures:
GET /api/sync/history?status=failed&since=2025-01-01
Trigger Sync from External System
Start a sync run programmatically (e.g., after an HR system update):
POST /api/sync/projects/{id}/run
Pull Violation Data into SIEM
Retrieve open violations for security monitoring:
GET /api/violations?severity=critical&status=open
Next Steps
- Security Hardening — Secure your API and deployment
- Scheduling & Jobs — Automate with built-in scheduling instead of API polling