
REST: How to take a JSON list and refer a value in subsequent call URL

nvachhani
Regular Contributor II

I am trying to use a value from the first call in the second call in order to remove access. Sample response for call 1:

"message": {
            "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#servicePrincipals('7dd70930-xxxx-4222-914a-e1a4447f737e')/appRoleAssignedTo",
            "value": [
                {
                    "id": "_uDgeL3vz0-c7iDNyM8J4xxxxREhCugOHp-g5w",
                    "deletedDateTime": null,
                    "appRoleId": "00000000-0000-0000-0000-000000000000",
                    "createdDateTime": "2023-01-18T21:36:08.1326374Z",
                    "principalDisplayName": "Test User1",
                    "principalId": "78e0e0fe-efbd-4fcf-9cee-20xxxxxcf09e2",
                    "principalType": "User",
                    "resourceDisplayName": "tokentest",
                    "resourceId": "7dd70930-ea87-4222-914a-e1xxxxxf737e"
                },
                {
                    "id": "yCrFEkOl1kiZMv2gy1DVee_8cCxxxxsbkpFECPNm4",
                    "deletedDateTime": null,
                    "appRoleId": "00000000-0000-0000-0000-000000000000",
                    "createdDateTime": "2024-08-28T21:30:03.5357459Z",
                    "principalDisplayName": "Test User2",
                    "principalId": "12c52ac8-a543-48d6-9932-fdxxxx0d579",
                    "principalType": "User",
                    "resourceDisplayName": "tokentest",
                    "resourceId": "7dd70930-ea87-4222-914a-e1xxxxf737e"
                }
            ]
        }

Here is the JSON I am using:

{
    "call": [
        {
            "name": "ApplicationInstance",
            "connection": "${connectionName}",
            "url": "https://graph.microsoft.com/v1.0/servicePrincipals/${entitlementValue.entitlementID}/appRoleAssignedTo?\\$top=999",
            "httpMethod": "GET",
            "httpHeaders": {
                "Authorization": "${access_token}",
                "Accept": "application/json"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201
                ]
            }
        },
        {
            "name": "ApplicationInstance",
            "connection": "${connectionName}",
            "url": "https://graph.microsoft.com/v1.0/servicePrincipals/${entitlementValue.entitlementID}/appRoleAssignedTo/${if (response.ApplicationInstance1.message.value.principalId.toString().equals(account.accountID)){return response.ApplicationInstance1.message.value.objectId;} else {''}}",
            "httpMethod": "DELETE",
            "httpHeaders": {
                "Authorization": "${access_token}",
                "Accept": "application/json"
            },
            "httpContentType": "application/json",
            "successResponses": {
                "statusCode": [
                    200,
                    201,
                    204,
                    205
                ]
            }
        }
    ]
}

The first call is successfully getting the list. The second call produces this error:

{
    "error": {
        "code": "Request_UnsupportedQuery",
        "message": "Invalid resource identifier for EntitlementGrant.",
        "innerError": {
            "date": "2024-09-09T13:55:32",
            "request-id": "1a9e3feb-3ae2-4c79-ba82-74ba4760105f",
            "client-request-id": "1a9e3feb-3ae2-4c79-ba82-74ba4760105f"
        }
    }
}


NM
Honored Contributor II

Hi @nvachhani, for Entra ID you don't have to follow the above-mentioned process; you can directly remove the user. The Graph API has the endpoint to perform the required operation.

nvachhani
Regular Contributor II

Hi,

What is the correct call? The call provided in the AzureAD Connection Guide did not work with same. @rushikeshvartak error is attached. We are using the OOTB AzureAD connector. The documentation has the following call using appRoleAssignments, but it is getting the same error:

{
      "name": "ApplicationInstance",
      "connection": "${connectionName}",
      "url": "https://graph.microsoft.com/v1.0/servicePrincipals/${entitlementValue.entitlementID}/appRoleAssignments/${for (Map map : response.ApplicationInstance1.message.value){if (map.principalId.toString().equals(account.accountID)){return map.objectId;}}}",
      "httpMethod": "DELETE",
      "httpHeaders": {
        "Authorization": "${access_token}",
        "Accept": "application/json"
      },
      "httpContentType": "application/json",
      "successResponses": {
        "statusCode": [
          200,
          201,
          204,
          205
        ]
      }
    }

Does a hardcoded value work?


Regards,
Rushikesh Vartak
If this helped you move forward, click 'Kudos'. If it solved your query, select 'Accept As Solution'.

Add feedback on the documentation page about the non-working code.


Regards,
Rushikesh Vartak

rushikeshvartak
All-Star

Are you using the OOTB Azure AD or REST connector? And what error are you getting (share in a text file)?


Regards,
Rushikesh Vartak

nvachhani
Regular Contributor II

@nvachhani ,

The error provided above after hardcoding values is different from the initial error mentioned.

From the initial error, it looks like the values from call one that you're trying to parse in the call 2 URL are not being parsed well.

Were you able to find anything in the logs when you hardcoded the values, and compare it to the logs from using JSON params?

Thanks


Regards,
Pruthvi

nvachhani
Regular Contributor II

@NM Which call do you suggest using instead?

nvachhani
Regular Contributor II

@rushikeshvartak is there any solution for this issue? I added feedback on documentation.
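
Added example, not part of the thread and not Saviynt connector syntax: the lookup the second call depends on, written as plain Python over a constructed response shaped like the one in the first post, where each assignment's identifier is in the `id` field. The function names, the placeholder IDs and the choice to raise an error instead of building a URL with an empty identifier are assumptions of this example.

```python
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

# Constructed sample shaped like the first call's "message" object; all IDs are placeholders.
SAMPLE_MESSAGE = {
    "value": [
        {"id": "constructed-assignment-id-1",
         "appRoleId": "00000000-0000-0000-0000-000000000000",
         "principalId": "11111111-1111-1111-1111-111111111111"},
        {"id": "constructed-assignment-id-2",
         "appRoleId": "00000000-0000-0000-0000-000000000000",
         "principalId": "22222222-2222-2222-2222-222222222222"},
    ]
}


class AssignmentLookupError(Exception):
    """Raised instead of building a DELETE URL with a missing or ambiguous id."""


def find_assignment_id(message, principal_id, app_role_id=None):
    """Return the `id` of the one assignment held by principal_id (optionally for one role)."""
    items = message.get("value")
    if not isinstance(items, list):
        raise AssignmentLookupError("response has no 'value' list")
    wanted = principal_id.strip().lower()
    matches = [a for a in items
               if str(a.get("principalId", "")).lower() == wanted
               and (app_role_id is None or a.get("appRoleId") == app_role_id)]
    if not matches:
        # A further page may hold the assignment; either way, do not send the DELETE.
        hint = " (more pages: follow @odata.nextLink)" if "@odata.nextLink" in message else ""
        raise AssignmentLookupError("no assignment for principal" + hint)
    if len(matches) > 1:
        raise AssignmentLookupError("several assignments match; pass app_role_id")
    if not matches[0].get("id"):
        raise AssignmentLookupError("matched assignment has no 'id' field")
    return matches[0]["id"]


def delete_url(service_principal_id, message, principal_id, app_role_id=None):
    """Build the URL for the second call; raises rather than returning a URL with an empty id."""
    assignment_id = find_assignment_id(message, principal_id, app_role_id)
    return (f"{GRAPH}/servicePrincipals/{quote(service_principal_id, safe='')}"
            f"/appRoleAssignedTo/{quote(assignment_id, safe='')}")
```

A deprovisioning task that surfaces a failed lookup as an error leaves a visible failure to investigate, whereas a URL ending in an empty identifier is rejected by the API while the access stays in place.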