Thursday, April 25, 2013

Using Web services in SailPoint IIQ

SailPoint has a lot of predefined REST web services which can be used to call specific functions from a web service client.
If you have requirement to execute a task or report without using the Sailpoint UI or console directly, then you can use the web services option, or it can be any general requirement.

Web services can be used in two different ways in Sailpoint.

  • Using IIQclient class
  • Creating custom web service 

Using IIQclient class
  1. Import the identityiq.jar file in eclipse. This jar contains the class sailpoint.integration.IIQClient; which contains the default functions provided by sailpoint to call the web services.
  2. Create a sample class to create a object of iiqclient class to call the functions available publicly 
  3.  Download the  REST API Integration pdf from compass, which has all the functions listed in details.

 Custom Web Service
  1. Creating custom web service as per the needs is the best option to develop the function as per requirements.
  2. Create a custom web service method class which will extend BaseResource class.
  3. BaseResource class will give you the context object of sailpoint to create methods as required.
  4. Create a class which will extend the to include the method create in step3
  5. Go to web.xml and modify the value of to your custom class.
  6. Now you can call the custom webservice using any client which can all REST web services.
  7. The return type of REST web-services is JSON, which needs to be converted to process it properly.



public class CustomWebServiceMethod extends BaseResource{

      public void getApplication() throws GeneralException
public class CustomWebService extends SailPointRestApplication{
      public Set < Class < ? > > getClasses()
            Set < Class < ? > &gt classes = super.getClasses();


  1. Is there a way to invoke "import filename.xml" command from REST API? If Yes, Kindly share an sample/example code. Thank you.

  2. excellent piece of information, I had come to know about your website from my friend kishore, pune,i have read atleast 8 posts of yours by now, and let me tell you, your site gives the best and the most interesting information. This is just the kind of information that i had been looking for, i'm already your rss reader now and i would regularly watch out for the new posts, once again hats off to you! Thanx a lot once again, Regards, , Sailpoint Online Training

  3. Hi Abhishek,

    Thanks for the timely post,
    at least for me
    . I have encore time wondered about the transition, but somehow did not dare, because the information I came across very controversial.
    But today, after reading your article I’m very confident to take up any challenges.

    Appreciate your effort for making such useful blogs and helping the community.
    Morgan Lee

  4. Hello ,
    Thank you SO MUCH! I was actually holding my breath as I followed these directions. It worked beautifully!
    It's great to utilize the power of internet with the available free blogs.
    Appreciate your effort for making such useful blogs and helping the community.

  5. Hiya,
    Thanks for the tip, appreciate it. Your article definitely helped me to understand the core concepts.
    I am facing the issue where leaf object is not getting deleted in active directory.
    msExchActiveSyncDevice for outlook access on mobile devices is the leaf object. Sailpoint idm training

    when we get email on our mobile device, outlook creates a child object on the account. When we try to delete, outlook sends a message back saying are you sure? and then it does nothing.
    when we send a command from SailPoint to AD to perform a delete, if the object we send has a sub-object below, delete does not occur. Need to delete the child object first.

    Were you able to resolve the issue?

    Once again thanks for your tutorial.

  6. Hello Abhi,

    Thanks for the tip, appreciate it. Your article definitely helped me to understand the core concepts.
    I’m most excited about the details your article touch based! I assume it doesn’t come out of the box, Sailpoint idm training it sounds like you are saying we’d need to write in the handlers ourselves.
    Is there any other articles you would recommend to understand this better?
    I guess the obvious questions for sanity sake: (did you plug it in...)
    Is 'encodedBytes' being regenerated for each object? you would see this problem if you somehow only generate the value once and try to use it for all the following values.
    Is 'encodedBytes' being used as the unique identifier (samAccountName)? If you are using something else then the overlap would have nothing to do with the encodedBytes.

    I look forward to see your next updates.

    Best Regards,

  7. Hi Abhishek,

    Nice tutorial! Let's keep our fingers crossed that this works. I would like to put this all to rest.
    Thanks for your response Mike. I will look into the ETN. Regarding authentication question, I am not sure if that will be categorized as a product defect or not. Currently, when we enable authentication Sailpoint tutorial question and SSO, IIQ throws a warning pop-up saying authentication questions wont work when SSO is enabled. However, this is a typical forgot password management use case when IdM is protected by SSO. So, I was wondering if someone else has encountered this issue and whether there are any workarounds to get past it.

    Great effort, I wish I saw it earlier.

    Best Regards,