This blog post is about changing data with help of SAP Identity Management REST API v1, also multi values and role references with validity data.
I suggest using Google Chrome and the REST plugin Postman for this as test environment.
To be able to change data via POST request, two header variables have to be send to the Identity Management backend for security aspects. First one is X-Requested-With = JSONHttpRequest. The second one is more difficult. First, you have to send a GET request with X-CSRF-Token = Fetch to the server. You will receive a token, which has to be used in the POST, e.g. koMUjIyXs5z3qxUkAcKgJrJ0jOezwEQv2ZQ. All together:
- X-Requested-With = JSONHttpRequest
- X-CSRF-Token = <token_received_from_GET_request>
To be able to change validity dates, you have to change the application property v72alpha.validity_enabled = true in AS Java.
Change Singe Value Attributes:
This example changes first and last name.
Change Multi Value Attributes:
This example changes the additional phone numbers.
By default, these values will be added. In order to delete values, add the changetype = delete.
Change Role References with Validity Dates:
Validity dates are optional. As value, use the mskey of the roles you want to assign.
REASON, VALIDFROM, and VALIDTO are link attributes. You are also able to set the context ID by setting CONTEXTID=<mskey_of_context> as additional link attribute.
Privileges have to be changed my MXREF_MX_PRIVILEGE. MX_ASSIGNMENTS is only a virtual attribute and cannot be changed.
(For GET requests, make sure to set “List Entries on Load” in the attribute definition in order to get role or privilege assignments via REST).
Always make sure you are using URL encoding for these URL parameters (or use a library, which is capable of doing this), which will lead in URLs like these:
Related blog posts: