The Authorization API provides endpoints that allow you to call specific HasAccess() checks against a selected resource. This allows you to view what the people in your environment can do with specific resources, as well as view their current roles and other assignments.
Info |
---|
In the examples, be sure to replace {Your_Access_Token} with your token and {Your_API_Key} with the API key for your application. |
HasAccessToResource
This endpoint allows you to check whether a person can perform operations against two resources, such as approving a request to add a person to a group.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoresource |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | EmpowerID login of the person you are checking |
resource1 | GUID of the resource targeted by the operation |
operation | Display Name of the operation |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoresource",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "jappleseed",
"resource": "a5a1ce79-69a3-41e0-a434-5670f654123a",
"operation": "resetpassword"
})
}) |
HasAccessToDualResource
This endpoint allows you to check whether a person can perform operations against two resources, such as approving a request to add a person to a group.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstodualresource |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | EmpowerID login of the person you are checking |
resource1 | GUID of the first resource targeted by the operation |
operation | Display Name of the dual operation |
resource2 | GUID of the second resource targeted by the operation |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstodualresource",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "jappleseed",
"resource1": "a5a1ce79-69a3-41e0-a434-5670f654123a",
"operation": "Approve Group Membership",
"resource2": "0c80065b-48a1-40d9-abd9-3f7907fe3d28"
})
}) |
HasRoleForResource
This endpoint allows you to check whether a person has a specific Access Level for a set of given resources.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasroleforresource |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | EmpowerID login of the person you are checking |
role | Display Name of the Access Level |
resource | GUID of the resource |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasroleforresource",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "jappleseed",
"role": "Access Manager",
"resource": "fb5d20a8-334f-4575-8b36-2058943dd195"
})
}) |
HasAccessToWorkflow
This endpoint allows you to check whether a person can initiate a specific workflow.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoworkflow |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | EmpowerID login of the person you are checking |
resource | Display Name of the workflow |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoworkflow",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "jappleseed",
"workflow": "Laptop Asset Provision"
})
}) |
HasAccessToWorkflows
This endpoint allows you to check whether a person can initiate both of the specified workflows.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoworkflows |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | EmpowerID login of the person you are checking |
workflows | Comma separated Display Name of each workflow |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoworkflows",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "jappleseed",
"resource": "Laptop Asset Provision"
})
}) |
HasAccessToPage
This endpoint allows you to check whether a person can view the specified page in the EmpowerID Web interface.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstopage |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | EmpowerID login of the person you are checking |
page | GUID of the page |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstopage",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "jappleseed",
"page": "e780eb21-7908-4741-9e9a-61747732147c"
})
}) |
HasAccessToPages
This endpoint allows you to check whether a person can view the specified pages in the EmpowerID Web interface.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstopages |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | EmpowerID login of the person you are checking |
pages | Protected Application Resource GUID of the pages; Comma separated |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstopages",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "jappleseed",
"pages": "63f64ec8-b3a2-4085-8337-77385284b8a6, 10ad7ef4-7207-46f0-ae70-103bf3cf0110"
})
}) |
GetAllowedResources
This endpoint returns a list of resources the specified user can see.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/getallowedcontrols |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | EmpowerID login of the person you are checking |
pages | GUID of the parent application |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/getallowedcontrols",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "jappleseed",
"application": "e4e51851-5450-4b6e-ae31-bf1f9eeef5c6"
})
}) |
Results
Returns a JSON object containing the GUID of all controls for a specified parent application that the person can see.
Code Block |
---|
{
"Results": [
"dcb1e15f-ee06-4265-9924-4d53b2a648b8",
"7187b855-cd13-402e-91cf-d4c3905fd688",
"95cb3b83-3ad2-46dc-878a-0edc75543888",
"66964466-6fb0-474d-92ad-86a203f6634a",
"84a699e8-f91e-48d2-8e50-733d079d2c6c",
"282273f3-e702-4487-905c-383b3552fa9e",
"5a815ac6-49aa-4442-8a04-d841449ba395",
"b61a685f-4afd-4db9-a778-5ede9e6c98ff",
"f82358ae-714f-4539-ab09-39803ffce4bf",
"6cb51176-582b-49a5-93bf-a7f303b4121c",
"6e7f678f-d0a9-41a4-8e0c-79a25c7ba3b1",
"e594e7b7-d7ca-423f-8b3b-163d3081392e"
]
} |
HasManagementRoles
This endpoint allows you to check whether a person has all of the specified Management Roles.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasmanagementroles |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | PersonID of the person you are checking |
managementRoles | GUID of each Management Role; Comma separated |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasmanagementroles",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "24754",
"managementRoles": "fff8153f-982e-4504-b687-2bbd1f8b7c42,fb5d20a8-334f-4575-8b36-2058943dd195"
})
}) |
Results
Returns a Boolean. If true, the person has the specified Management Roles; if false, the person does not have one or more of the roles.
IsInManagementRole
This endpoint allows you to check whether a person has the specified Management Role.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinmanagementrole |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | PersonID of the person you are checking |
managementRole | GUID of the Management Role |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinmanagementrole",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "24754",
"managementRole": "fff8153f-982e-4504-b687-2bbd1f8b7c42"
})
}) |
Results
Returns a Boolean. If true, the person has the specified Management Role; if false, the person does not.
IsInGroup
This endpoint allows you to check whether a person belongs to a specific group.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isingroup |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | PersonID of the person you are checking |
group | GUID of the Group |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isingroup",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "24754",
"group": "6c19c0f1-0a0a-4f1a-a526-2b8408aaf5be"
})
}) |
Results
Returns a Boolean. If true, the person is in the group; if false, the person is not.
HasGroups
This endpoint allows you to check whether a person belongs to each of the specified groups.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasgroups |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | PersonID of the person you are checking |
groups | GUID of each Group; Comma separated |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasgroups",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "24754",
"groups": "6c19c0f1-0a0a-4f1a-a526-2b8408aaf5be, 1089e2ef-67dc-484d-9b4b-c702822ffc0a"
})
}) |
Results
Returns a Boolean. If true, the person belongs to all of the specified groups; if false, the person is not a member of one or more of the groups.
IsInBusinessRole
This endpoint allows you to check whether a person has a specific Business Role.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinbusinessrole |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | PersonID of the person you are checking |
businessRole | ResourceID of the Business Role |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinbusinessrole",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "24754",
"businessRole": "2994477"
})
}) |
Results
Returns a Boolean. If true, the person has the specified Business Role; if false, the person does not.
HasBusinessRoles
This endpoint allows you to check whether a person belongs to each of the specified Business Roles.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasbusinessroles |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | PersonID of the person you are checking |
businessRoles | ResourceID of each Business Role; Comma separated |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasbusinessroles",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "24754",
"businessRoles": "2994477, 2994478, 3146825"
})
}) |
Results
Returns a Boolean. If true, the person all of the specified Business Role; if false, the person does not belong to one or more of the roles.
IsInBusinessRoleAndLocation
This endpoint allows you to check whether a person belongs to a specified Business Role and Location combination.
HTTP Request
Code Block |
---|
|
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinbusinessroleandlocation |
Key | Value |
---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|
person | PersonID of the person you are checking |
businessRoleAndLocation | ResourceID of each Business Role; Comma separated |
Code Examples
Ajax
Code Block |
---|
|
$.ajax({
url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinbusinessroleandlocation",
type: "POST",
headers: {
"X-EmpowerID-API-Key": "{Your_API_Key}",
"Content-Type": "application/json",
"Authorization": "Bearer {Your_Access_Token}"
},
data: JSON.stringify({
"person": "24754",
"businessRoleAndLocation": "3348"
})
}) |
Results
Returns a Boolean. If true, the person to the specified Business Role; if false, the person does not.