Announcing the Saviynt Knowledge Exchange unifying the Saviynt forums, documentation, training,
and more in a single search tool across platforms. Read the announcement here.

getPendingApprovals API call

BarCar
Regular Contributor
Regular Contributor

Has anybody had any success calling the {{url}}/ECM/{{path}}/getPendingApprovals API endpoint?

When I pass in a JSON body like:

 
{
"username" : "123456"
}
 
I get a 403 Forbidden response.
 
I've checked that the API account has been granted permission to call with WebService and the connection is correctly authorized.
 
I'm seeing the response headers containing "Bearer Error = Insufficient Scope".
 
 

 

 

7 REPLIES 7

rushikeshvartak
All-Star
All-Star

Which SAV role user has ?

rushikeshvartak_0-1688441999458.png

 


Regards,
Rushikesh Vartak
If you find the response useful, kindly consider selecting Accept As Solution and clicking on the kudos button.

The user has a copy of the ROLE_ADMIN role adjusted to allow it to see all Requests.

nimitdave
Saviynt Employee
Saviynt Employee

Also, are you able to invoke other saviynt APIs successfully?

Please assign the api user role_admin sav role and then check.

BarCar
Regular Contributor
Regular Contributor

It doesn't look like it. I set up the API account as follows:

  • created user
  • set allow local logon
  • reset password
  • cleared password expired
  • granted role_admin (actually a copy of role adjusted to allow to see all requests)
  • called ECM/api/login to get access token 

Do I want to be hitting ECMv6/api/login or ECM/api/login? The v6 login is failing with a 401 but the other is working.

----

Added later:

Ok - I'm confused. We are running v23.5 and if I hit "{{url}}/ECMv6/api/login" I get a 403.

But if I hit "{{url}}/ECM/api/login" (from the 2021.0 documentation) I can get a token and then successfully call "{{url}}/ECM/{{path}}/getPendingApprovals" (where path is "api/v5").

Maybe I'm confused about the endpoints but I had assumed that using the newer endpoint was the right way to go since we are on a newer version.

nimitdave
Saviynt Employee
Saviynt Employee

You have to use {{url}}/ECM/api/login to get token for invoking all saviynt rest api v5 calls.

api v6 is for internal call with in system and should not be invoked from outside.

stevemcg9899
New Contributor III
New Contributor III

@BarCar's confusion is a result of Saviynt's API documentation being particularly unclear. 

@nimitdave you should feed this back and make sure the API documentation is made clearer.

nimitdave
Saviynt Employee
Saviynt Employee

@BarCar , please can you help us with the document that mentioned any of api with endpoint containing ECMv6, so that it can corrected.