A catalog entry represents a requestable resource for Access Requests. Each requestable app or collection has a top-level entry in the catalog. These are known as parent catalog entries. Associated requestable entitlements and groups also have an entry in the catalog, known as child entries. For example, a top-level entry for Figma might have two child entries, one for requesting read-only access to Figma and one for requesting edit access.
The parent property in the catalog entry object shows the relationship between child and parent. The child entry's parent property references their respective parent entry identifier. The parent entry's parent property has no value. See the CATALOG-ENTRY diagram in the Relationships model.
Use the My Catalogs API to request for catalog entries that you're allowed to request. You can search for a list of catalog entries based on the entry parent-child relationship using the filter query parameter.
Lists filtered entries for the default access request catalog that you're allowed to request (as the authenticated requestor).
The following are request examples with query parameters:
/governance/api/v2/catalogs/default/entries?filter=not(parent%20pr)&limit=20
/governance/api/v2/catalogs/default/entries?filter=not(parent%20pr)&limit=20&after=cen33e47frfMB93gQ8g6
/governance/api/v2/catalogs/default/entries?filter=not(parent%20pr)&match=figma&limit=8
/governance/api/v2/catalogs/default/entries?filter=parent%20eq%20%22cen385AlcdqGaY8HE0g2%22&limit=8
/governance/api/v2/catalogs/default/entries?filter=parent%20eq%20%22cen385AlcdqGaY8HE0g2%22&match=edit&limit=8
| after | string = 20 characters The pagination cursor that points to the last record of the previous response. The maximum number of entries returned in a response is determined by the Example: after=cenp2rjyxK1Js2Fc41d5 |
| filter required | string <scim-filter> A required filter expression that returns entries based on the Note: Query parameter percent encoding is required. See Special characters. Example: filter=not(parent pr) |
| limit | integer [ 1 .. 200 ] The maximum number of records returned in a response Example: limit=20 |
| match | string [ 3 .. 50 ] characters Return catalog entries that match a substring value in the Example: match=figma |
List of all entries in the resource catalog
An invalid list request
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Lists all entries that have an empty parent
{- "data": [
- {
- "id": "cen33e47frfMB93gQ8g6",
- "name": "Figma",
- "description": "The Figma App",
- "label": "Application",
- "requestable": false,
- "_links": {
}
}, - {
- "id": "cen8bfdir26G1QERV345",
- "name": "Support User Collection",
- "description": "Collection of resources for support user",
- "label": "Resource Collection",
- "requestable": false,
- "counts": {
- "resourceCounts": {
- "applications": 5
}
}, - "_links": {
- "logo": [
],
}
}
], - "_links": {
}
}Retrieves an entry from my catalog
List of all entries in the resource catalog
An invalid list request
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
{- "id": "cen33e47frfMB93gQ8g6",
- "name": "Figma",
- "description": "The Figma App",
- "label": "Application",
- "requestable": false,
- "_links": {
}
}Retrieves request fields for my catalog entry
Request fields are determined by evaluating the entry's associated request conditions for the requester.
The highest priority matching condition determines the approval sequence that will be used for the requester.
If that approval sequence has requester fields, then they will be returned as a request field.
If the request can lead to any separation of duty conflicts, then the risk assessment is present. The risk assessment indicates whether request submission is allowed or restricted and includes rules that lead to the possible conflicts. If request submission is allowed, then the request fields are determined by the associated approval sequence.
Get requester fields for an entry
When authentication fails
When the requested resource was not found
{- "data": [
- {
- "id": "ACCESS_DURATION",
- "type": "DURATION",
- "required": false,
- "readOnly": true,
- "value": "P4D"
}
]
}Lists all users who match the filtered query and can also view and request the entry.
A list of users is only returned if the entry has the requestOnBehalfOfSettings enabled, a filter is specified, and the authorized user is able to request on behalf of other users.
Examples
Request examples with query parameters:
/governance/api/v2/my/catalogs/default/entries/{entryId}/users?filter=lastName%20sw%20%22Smi%22
/governance/api/v2/my/catalogs/default/entries/{entryId}/users?filter=firstName%20sw%20%22John%22
/governance/api/v2/my/catalogs/default/entries/{entryId}/users?filter=firstName%20sw%20%22John%22%20OR%20lastName%20sw%20%22John%22
| after | string The pagination cursor that points to the last record of the previous request. Example: after=00u68w6vzKLultXS97g6 |
| filter required | string <scim-filter> A required filter expression that returns users based on the Note: Query parameter percent encoding is required. See Special characters. Example: filter=firstName sw "John" OR lastName sw "John" |
| limit | integer [ 1 .. 200 ] Default: 20 The maximum number of records returned in a response |
List of all requesters who may be able to request the entry
An invalid list request
When authentication fails
When authorization fails
When the requested resource was not found
When the rate limit has been exceeded
When there is a server fault due to an unexpected error
Lists all users who may be requesters for the entry that the authorized user could request on behalf of
{- "data": [
- {
- "id": "00u28w6vzKKultXP98g5",
- "email": "jessie.smith@example.com",
- "firstName": "Jessie",
- "lastName": "Smith"
}, - {
- "id": "00u28w6vzKKultXP97g5",
- "email": "jacky.chen@example.com",
- "firstName": "Jacky",
- "lastName": "Chen"
}, - {
- "id": "00u28w6vzKKultXP97g6",
- "email": "tal.gupta@example.com",
- "firstName": "Tal",
- "lastName": "Gupta"
}, - {
- "id": "00u28w6vzKKultXP97g6",
- "email": "chad.Beauchamp-Williams-Wrightman-Smithson@example.com",
- "firstName": "Chad",
- "lastName": "Beauchamp-Williams-Wrightman-Smithson"
}, - {
- "id": "00u28w8vzKLultXP97g6",
- "email": "Lorena.FernándezDeCórdoba@example.com",
- "firstName": "Lorena",
- "lastName": "Fernández de Córdoba"
}, - {
- "id": "00u68w6vzKLultXS97g6",
- "email": "SeraphinianaAlessandrovich.Raskolnikov-Karamazov-Smirnovich@example.com",
- "firstName": "SeraphinianaAlessandrovich",
- "lastName": "Raskolnikov-Karamazov-Smirnovich"
}
], - "_links": {
}
}Retrieves the entry's request fields for the specified requester. Request fields for the entry are only returned if the entry has request on behalf of enabled, and the authorized user is able to request on behalf of other requesters.
If the request can lead to any separation of duty conflicts, then the risk assessment is present. The risk assessment indicates whether request submission is allowed or restricted and includes rules that lead to the possible conflicts. If request submission is allowed, then the request fields are determined by the associated approval sequence for the risk level.
Get requester fields for an entry
When authentication fails
When the requested resource was not found
{- "data": [
- {
- "id": "ACCESS_DURATION",
- "type": "DURATION",
- "required": false,
- "readOnly": true,
- "value": "P4D"
}
]
}