- Created by Phillip Hanegan, last modified on Sept 07, 2022
You are viewing an old version of this page. View the current version.
Compare with Current View Page History
« Previous Version 3 Next »
The Authorization API provides endpoints that allow you to call specific HasAccess()
checks against a selected resource. This allows you to view what the people in your environment can do with specific resources, as well as view their current roles and other assignments.
In the examples, be sure to replace {Your_Access_Token} with your token and {Your_API_Key} with the API key for your application.
HasAccessToResource
This endpoint allows you to check whether a person can perform operations against two resources, such as approving a request to add a person to a group.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoresource
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Content-Type | application/json |
Authorization | Bearer {Your_Access_Token} |
Payload Name/Value Pairs
Name | Value |
---|---|
person | EmpowerID login of the person you are checking |
resource1 | GUID of the resource targeted by the operation |
operation | Display Name of the operation |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoresource", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "jappleseed", "resource": "a5a1ce79-69a3-41e0-a434-5670f654123a", "operation": "resetpassword" }) })
HasAccessToDualResource
This endpoint allows you to check whether a person can perform operations against two resources, such as approving a request to add a person to a group.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstodualresource
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | EmpowerID login of the person you are checking |
resource1 | GUID of the first resource targeted by the operation |
operation | Display Name of the dual operation |
resource2 | GUID of the second resource targeted by the operation |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstodualresource", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "jappleseed", "resource1": "a5a1ce79-69a3-41e0-a434-5670f654123a", "operation": "Approve Group Membership", "resource2": "0c80065b-48a1-40d9-abd9-3f7907fe3d28" }) })
HasRoleForResource
This endpoint allows you to check whether a person has a specific Access Level for a set of given resources.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasroleforresource
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | EmpowerID login of the person you are checking |
role | Display Name of the Access Level |
resource | GUID of the resource |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasroleforresource", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "jappleseed", "role": "Access Manager", "resource": "fb5d20a8-334f-4575-8b36-2058943dd195" }) })
HasAccessToWorkflow
This endpoint allows you to check whether a person can initiate a specific workflow.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoworkflow
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | EmpowerID login of the person you are checking |
resource | Display Name of the workflow |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoworkflow", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "jappleseed", "workflow": "Laptop Asset Provision" }) })
HasAccessToWorkflows
This endpoint allows you to check whether a person can initiate both of the specified workflows.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoworkflows
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | EmpowerID login of the person you are checking |
workflows | Comma separated Display Name of each workflow |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstoworkflows", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "jappleseed", "resource": "Laptop Asset Provision" }) })
HasAccessToPage
This endpoint allows you to check whether a person can view the specified page in the EmpowerID Web interface.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstopage
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | EmpowerID login of the person you are checking |
page | GUID of the page |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstopage", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "jappleseed", "page": "e780eb21-7908-4741-9e9a-61747732147c" }) })
HasAccessToPages
This endpoint allows you to check whether a person can view the specified pages in the EmpowerID Web interface.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstopages
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | EmpowerID login of the person you are checking |
pages | Protected Application Resource GUID of the pages; Comma separated |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasaccesstopages", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "jappleseed", "pages": "63f64ec8-b3a2-4085-8337-77385284b8a6, 10ad7ef4-7207-46f0-ae70-103bf3cf0110" }) })
GetAllowedResources
This endpoint returns a list of resources the specified user can see.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/getallowedcontrols
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | EmpowerID login of the person you are checking |
pages | GUID of the parent application |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/getallowedcontrols", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "jappleseed", "application": "e4e51851-5450-4b6e-ae31-bf1f9eeef5c6" }) })
Results
Returns a JSON object containing the GUID of all controls for a specified parent application that the person can see.
{ "Results": [ "dcb1e15f-ee06-4265-9924-4d53b2a648b8", "7187b855-cd13-402e-91cf-d4c3905fd688", "95cb3b83-3ad2-46dc-878a-0edc75543888", "66964466-6fb0-474d-92ad-86a203f6634a", "84a699e8-f91e-48d2-8e50-733d079d2c6c", "282273f3-e702-4487-905c-383b3552fa9e", "5a815ac6-49aa-4442-8a04-d841449ba395", "b61a685f-4afd-4db9-a778-5ede9e6c98ff", "f82358ae-714f-4539-ab09-39803ffce4bf", "6cb51176-582b-49a5-93bf-a7f303b4121c", "6e7f678f-d0a9-41a4-8e0c-79a25c7ba3b1", "e594e7b7-d7ca-423f-8b3b-163d3081392e" ] }
HasManagementRoles
This endpoint allows you to check whether a person has all of the specified Management Roles.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasmanagementroles
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | PersonID of the person you are checking |
managementRoles | GUID of each Management Role; Comma separated |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasmanagementroles", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "24754", "managementRoles": "fff8153f-982e-4504-b687-2bbd1f8b7c42,fb5d20a8-334f-4575-8b36-2058943dd195" }) })
Results
Returns a Boolean. If true, the person has the specified Management Roles; if false, the person does not have one or more of the roles.
IsInManagementRole
This endpoint allows you to check whether a person has the specified Management Role.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinmanagementrole
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | PersonID of the person you are checking |
managementRole | GUID of the Management Role |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinmanagementrole", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "24754", "managementRole": "fff8153f-982e-4504-b687-2bbd1f8b7c42" }) })
Results
Returns a Boolean. If true, the person has the specified Management Role; if false, the person does not.
IsInGroup
This endpoint allows you to check whether a person belongs to a specific group.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isingroup
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | PersonID of the person you are checking |
group | GUID of the Group |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isingroup", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "24754", "group": "6c19c0f1-0a0a-4f1a-a526-2b8408aaf5be" }) })
Results
Returns a Boolean. If true, the person is in the group; if false, the person is not.
HasGroups
This endpoint allows you to check whether a person belongs to each of the specified groups.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasgroups
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | PersonID of the person you are checking |
groups | GUID of each Group; Comma separated |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasgroups", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "24754", "groups": "6c19c0f1-0a0a-4f1a-a526-2b8408aaf5be, 1089e2ef-67dc-484d-9b4b-c702822ffc0a" }) })
Results
Returns a Boolean. If true, the person belongs to all of the specified groups; if false, the person is not a member of one or more of the groups.
IsInBusinessRole
This endpoint allows you to check whether a person has a specific Business Role.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinbusinessrole
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | PersonID of the person you are checking |
businessRole | ResourceID of the Business Role |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinbusinessrole", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "24754", "businessRole": "2994477" }) })
Results
Returns a Boolean. If true, the person has the specified Business Role; if false, the person does not.
HasBusinessRoles
This endpoint allows you to check whether a person belongs to each of the specified Business Roles.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasbusinessroles
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | PersonID of the person you are checking |
businessRoles | ResourceID of each Business Role; Comma separated |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/hasbusinessroles", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "24754", "businessRoles": "2994477, 2994478, 3146825" }) })
Results
Returns a Boolean. If true, the person all of the specified Business Role; if false, the person does not belong to one or more of the roles.
IsInBusinessRoleAndLocation
This endpoint allows you to check whether a person belongs to a specified Business Role and Location combination.
HTTP Request
POST https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinbusinessroleandlocation
Header Key/Value Pairs
Key | Value |
---|---|
X-EmpowerID-API-Key | The API key for your OAuth application |
Authorization | Bearer {Your_Access_Token} |
Content-Type | application/json |
Payload Name/Value Pairs
Name | Value |
---|---|
person | PersonID of the person you are checking |
businessRoleAndLocation | ResourceID of each Business Role; Comma separated |
Code Examples
$.ajax({ url: "https://{FQDN_Of_Your_EmpowerID_Web_Server}/api/services/v1/hasaccess/isinbusinessroleandlocation", type: "POST", headers: { "X-EmpowerID-API-Key": "{Your_API_Key}", "Content-Type": "application/json", "Authorization": "Bearer {Your_Access_Token}" }, data: JSON.stringify({ "person": "24754", "businessRoleAndLocation": "3348" }) })
Results
Returns a Boolean. If true, the person to the specified Business Role; if false, the person does not.
IN THIS ARTICLE
- No labels