Catalogs

A catalog entry represents a requestable resource for Access Requests. Each requestable app or collection has a top-level entry in the catalog. These are known as parent catalog entries. Associated requestable entitlements and groups also have an entry in the catalog, known as child entries. For example, a top-level entry for Figma might have two child entries, one for requesting read-only access to Figma and one for requesting edit access.

The parent property in the catalog entry object shows the relationship between child and parent. The child entry's parent property references their respective parent entry identifier. The parent entry's parent property has no value. See the CATALOG-ENTRY diagram in the Relationships model.

Use the Catalogs API to request for catalog entries as a principal with admin privileges. You can search for a list of catalog entries based on the entry parent-child relationship using the filter query parameter.

List all entries for the default access request catalog
Early Access
Admin roles:
  • Access Requests Administrator
OAuth 2.0:
  • okta.accessRequests.catalog.read

Lists entries for the default access request catalog based on a filter.

The following are request examples with query parameters:

  1. Lists at most 20 parent (top-level) entries
    /governance/api/v2/catalogs/default/entries?filter=not(parent%20pr)&limit=20
  2. Lists the next 20 results of parent entries after a specific cursor
    /governance/api/v2/catalogs/default/entries?filter=not(parent%20pr)&limit=20&after=cen33e47frfMB93gQ8g6
  3. Lists at most 8 parent entries with a fuzzy match for "figma"
    /governance/api/v2/catalogs/default/entries?filter=not(parent%20pr)&match=figma&limit=8
  4. Lists at most 8 child entries with a specific parent
    /governance/api/v2/catalogs/default/entries?filter=parent%20eq%20%22cen385AlcdqGaY8HE0g2%22&limit=8
  5. Lists at most 8 child entries that have "edit" in the name and have a specific parent
    /governance/api/v2/catalogs/default/entries?filter=parent%20eq%20%22cen385AlcdqGaY8HE0g2%22&match=edit&limit=8
Request
query Parameters
after
string = 20 characters

The pagination cursor that points to the last record of the previous response.

The maximum number of entries returned in a response is determined by the limit query parameter. If there are more entries to return, the _links.next.href link contains the after cursor for the next page of results.

Example: after=cenp2rjyxK1Js2Fc41d5
filter
required
string <scim-filter>

A required filter expression that returns entries based on the parent property. This filter expression supports the eq and pr operators.

Note: Query parameter percent encoding is required. See Special characters.

Example: filter=firstName%20sw%20%22John%22%20OR%lastName%20sw%20%22John%22
limit
integer [ 1 .. 200 ]

The maximum number of records returned in a response

Example: limit=20
match
string [ 3 .. 50 ] characters

Return catalog entries that match a substring value in the name or description properties. At least three characters are required for fuzzy search.

Example: match=figma
Responses
200

List of all entries in the resource catalog

400

An invalid list request

401

When authentication fails

403

When authorization fails

404

When the requested resource was not found

429

When the rate limit has been exceeded

500

When there is a server fault due to an unexpected error

get/governance/api/v2/catalogs/default/entries
Request samples 
Response samples 
application/json
Lists all entries that have an empty parent


{}
Retrieve a catalog entry
Early Access
Admin roles: 
  • Access Requests Administrator
OAuth 2.0: 
  • okta.accessRequests.catalog.read
Retrieves a catalog entry


Request 
path Parameters
entryId
required
string  = 20 characters 
The ID of the catalog entry


 
 Example:  cenp2rjyxK1Js2Fc41d5
Responses 
200
List of all entries in the resource catalog


400
An invalid list request


401
When authentication fails


403
When authorization fails


404
When the requested resource was not found


429
When the rate limit has been exceeded


500
When there is a server fault due to an unexpected error


get/governance/api/v2/catalogs/default/entries/{entryId}
Request samples 
Response samples 
application/json
{}
Retrieve an entry's request fields
Admin roles: 
  • Access Requests Administrator
OAuth 2.0: 
  • okta.accessRequests.request.read
Retrieves request fields for catalog entry


Request fields are determined by evaluating the entry's associated
request conditions for the requester.


The highest priority matching
condition determines the approval sequence that will be used for the
requester.


If that approval sequence has requester fields, then they will
be returned as a request field.


If the request can lead to any separation of duty conflicts, then 
the risk assessment is present. The risk assessment indicates whether
request submission is allowed or restricted and includes rules that 
lead to the possible conflicts. If request submission is allowed, then
the request fields are determined by the associated approval sequence.


Request 
path Parameters
entryId
required
string  = 20 characters 
The ID of the catalog entry


 
 Example:  cenp2rjyxK1Js2Fc41d5
userId
required
string  = 20 characters 
The id of the user


 
 Example:  00ucvnr9rbONeZdRp1d7
Responses 
200
Get requester fields for an entry


401
When authentication fails


404
When the requested resource was not found


get/governance/api/v2/catalogs/default/entries/{entryId}/users/{userId}/request-fields
Request samples 
Response samples 
application/json
{
  • "data": [
    • {
      • "id": "ACCESS_DURATION",
      • "type": "DURATION",
      • "required": false,
      • "readOnly": true,
      • "value": "P4D"
      }
    ]
}