My Catalogs

A catalog entry represents a requestable resource for Access Requests. Each requestable app or collection has a top-level entry in the catalog. These are known as parent catalog entries. Associated requestable entitlements and groups also have an entry in the catalog, known as child entries. For example, a top-level entry for Figma might have two child entries, one for requesting read-only access to Figma and one for requesting edit access.

The parent property in the catalog entry object shows the relationship between child and parent. The child entry's parent property references their respective parent entry identifier. The parent entry's parent property has no value. See the CATALOG-ENTRY diagram in the Relationships model.

Use the My Catalogs API to request for catalog entries that you're allowed to request. You can search for a list of catalog entries based on the entry parent-child relationship using the filter query parameter.

List my entries for the default access request catalog
OAuth 2.0 scopes:
  • okta.accessRequests.catalog.read

Lists the filtered entries for the default access request catalog that you're allowed to request (as the authenticated requester).

The following are request examples with a filter expression. In each example, the filter expression includes the mandatory parent property.

  1. Lists at most 20 parent (top-level) entries
    /governance/api/v2/catalogs/default/entries?filter=not(parent%20pr)&limit=20
  2. Lists the next 20 results of parent entries after a specific cursor
    /governance/api/v2/catalogs/default/entries?filter=not(parent%20pr)&limit=20&after=cen33e47frfMB93gQ8g6
  3. Lists at most 8 parent entries with a fuzzy match for "figma"
    /governance/api/v2/catalogs/default/entries?filter=not(parent%20pr)&match=figma&limit=8
  4. Lists at most 8 child entries with a specific parent
    /governance/api/v2/catalogs/default/entries?filter=parent%20eq%20%22cen385AlcdqGaY8HE0g2%22&limit=8
  5. Lists at most 8 child entries that have "edit" in the name and have a specific parent
    /governance/api/v2/catalogs/default/entries?filter=parent%20eq%20%22cen385AlcdqGaY8HE0g2%22&match=edit&limit=8
Request
query Parameters
after
string = 20 characters

The pagination cursor that points to the last record of the previous response.

The maximum number of entries returned in a response is determined by the limit query parameter. If there are more entries to return, the _links.next.href link contains the after cursor for the next page of results.

Example: after=cenp2rjyxK1Js2Fc41d5
filter
required
string <scim-filter>

A required filter expression that returns entries based on the parent property:

  • This filter expression only supports the parent property and the eq and pr operators.
  • If you want the query to return child entries, then you must specify the parent ID with the eq operator.

Notes:

  • If you don't use the parent property in the filter expression, undesireable results are returned.
  • Query parameter percent encoding is required. See Special characters.
Example: filter=not(parent pr)
limit
integer [ 1 .. 200 ]

The maximum number of records returned in a response

Example: limit=20
match
string [ 3 .. 50 ] characters

Return catalog entries that match a substring value in the name or description properties. At least three characters are required for fuzzy search.

Example: match=figma
Responses
200

List of all entries in the resource catalog

400

An invalid list request

401

When authentication fails

403

When authorization fails

404

When the requested resource wasn't found

429

When the rate limit has been exceeded

500

When there is a server fault due to an unexpected error

get/governance/api/v2/my/catalogs/default/entries
Request samples 
Response samples 
application/json
Lists all entries that have an empty parent


{}
Retrieve my catalog entry
OAuth 2.0 scopes: 
  • okta.accessRequests.catalog.read
Retrieves an entry from my catalog


Request 
path Parameters
entryId
required
string  = 20 characters 
The ID of the catalog entry


 
 Example:  cenp2rjyxK1Js2Fc41d5
Responses 
200
List of all entries in the resource catalog


400
An invalid list request


401
When authentication fails


403
When authorization fails


404
When the requested resource wasn't found


429
When the rate limit has been exceeded


500
When there is a server fault due to an unexpected error


get/governance/api/v2/my/catalogs/default/entries/{entryId}
Request samples 
Response samples 
application/json
{}
Retrieve the request fields for my catalog entry
OAuth 2.0 scopes: 
  • okta.accessRequests.request.read
Retrieves request fields for a catalog entry that you're allowed to request (as the authenticated requester):


    

  • Request fields are determined by evaluating the entry's associated request conditions for the requester.
    • 

  • The highest priority matching condition determines the approval sequence that's used for the requester.
    • 

  • If that approval sequence has requester fields, then they are returned as request fields.
    • 

  • If the request can lead to any separation of duty conflicts, then the risk assessment (metadata.riskAssessment) is present. The risk assessment indicates whether the request submission is allowed or restricted, and includes rules that lead to the possible conflicts. If the request submission is allowed, then the request fields are determined by the associated approval sequence.
    • 



Request 
path Parameters
entryId
required
string  = 20 characters 
The ID of the catalog entry


 
 Example:  cenp2rjyxK1Js2Fc41d5
Responses 
200
Get requester fields for an entry


401
When authentication fails


404
When the requested resource wasn't found


get/governance/api/v2/my/catalogs/default/entries/{entryId}/request-fields
Request samples 
Response samples 
application/json
{
  • "data": [
    • {
      • "id": "ACCESS_DURATION",
      • "type": "DURATION",
      • "required": false,
      • "readOnly": true,
      • "value": "P4D"
      }
    ]
}
List my catalog entry users
OAuth 2.0 scopes: 
  • okta.accessRequests.catalog.read
Lists all users who match the filtered query and can also view and request the entry.


The filter query parameter is mandatory for this operation. A list of users is returned if:


    

  • the entry has the requestOnBehalfOfSettings enabled
    • 

  • the authorized user is able to request on behalf of other users
    • 



Examples


Request examples:


    

  1. Filter users with a last name that starts with "Smi"
    /governance/api/v2/my/catalogs/default/entries/{entryId}/users?filter=lastName%20sw%20%22Smi%22

    

    2. 

  2. Filter for users with a first name that begins with "John"
    /governance/api/v2/my/catalogs/default/entries/{entryId}/users?filter=firstName%20sw%20%22John%22

    

    3. 

  3. Search for users with a first or last name that begins with "John"
    /governance/api/v2/my/catalogs/default/entries/{entryId}/users?filter=firstName%20sw%20%22John%22%20OR%20lastName%20sw%20%22John%22

    

    4. 



Request 
path Parameters
entryId
required
string  = 20 characters 
The ID of the catalog entry


 
 Example:  cenp2rjyxK1Js2Fc41d5
query Parameters
after
string
The pagination cursor that points to the last record of the previous request.


 
 Example:  after=00u68w6vzKLultXS97g6
filter
required
string <scim-filter> 
A required filter expression that returns users based on the firstName or lastName properties.
This filter expression supports the sw operator.


Note: Query parameter percent encoding is required. See Special characters.


 
 Example:  filter=firstName sw "John" OR lastName sw "John"
limit
integer  [ 1 .. 200 ] 
 Default:  20
The maximum number of records returned in a response


 
Responses 
200
List of all requesters who may be able to request the entry


400
An invalid list request


401
When authentication fails


403
When authorization fails


404
When the requested resource wasn't found


429
When the rate limit has been exceeded


500
When there is a server fault due to an unexpected error


get/governance/api/v2/my/catalogs/default/entries/{entryId}/users
Request samples 
Response samples 
application/json
Lists all users who may be requesters for the entry that the authorized user could request on behalf of


{
  • "data": [
    • {
      • "id": "00u28w6vzKKultXP98g5",
      • "email": "jessie.smith@example.com",
      • "firstName": "Jessie",
      • "lastName": "Smith"
      },
    • {
      • "id": "00u28w6vzKKultXP97g5",
      • "email": "jacky.chen@example.com",
      • "firstName": "Jacky",
      • "lastName": "Chen"
      },
    • {
      • "id": "00u28w6vzKKultXP97g6",
      • "email": "tal.gupta@example.com",
      • "firstName": "Tal",
      • "lastName": "Gupta"
      },
    • {
      • "id": "00u28w6vzKKultXP97g6",
      • "email": "chad.Beauchamp-Williams-Wrightman-Smithson@example.com",
      • "firstName": "Chad",
      • "lastName": "Beauchamp-Williams-Wrightman-Smithson"
      },
    • {
      • "id": "00u28w8vzKLultXP97g6",
      • "email": "Lorena.FernándezDeCórdoba@example.com",
      • "firstName": "Lorena",
      • "lastName": "Fernández de Córdoba"
      },
    • {
      • "id": "00u68w6vzKLultXS97g6",
      • "email": "SeraphinianaAlessandrovich.Raskolnikov-Karamazov-Smirnovich@example.com",
      • "firstName": "SeraphinianaAlessandrovich",
      • "lastName": "Raskolnikov-Karamazov-Smirnovich"
      }
    ],
  • "_links": {}
}
Retrieve the entry request fields for a user
OAuth 2.0 scopes: 
  • okta.accessRequests.catalog.read
Retrieves the entry's request fields for the specified requester.


Request fields for the entry are only returned if the entry has "request on behalf of" (requestOnBehalfOfSettings) enabled, and the authorized user is able to request on behalf of other requesters.


If the request can lead to any separation of duty conflicts, then the risk assessment (metadata.riskAssessment) is returned.
The risk assessment indicates whether the request submission is allowed or restricted, and includes rules that lead to the possible conflicts.
If the request submission is allowed, then the request fields are determined by the associated approval sequence for the risk level.


Request 
path Parameters
entryId
required
string  = 20 characters 
The ID of the catalog entry


 
 Example:  cenp2rjyxK1Js2Fc41d5
userId
required
string  = 20 characters 
The id of the user


 
 Example:  00ucvnr9rbONeZdRp1d7
Responses 
200
Get requester fields for an entry


401
When authentication fails


404
When the requested resource wasn't found


get/governance/api/v2/my/catalogs/default/entries/{entryId}/users/{userId}/request-fields
Request samples 
Response samples 
application/json
{
  • "data": [
    • {
      • "id": "ACCESS_DURATION",
      • "type": "DURATION",
      • "required": false,
      • "readOnly": true,
      • "value": "P4D"
      }
    ]
}