Accessing the API features

2.2 Accessing the API features

Access to features of the MyID Core API is controlled using MyID roles.

For example, the MyID Operator Client feature that allows you to view a person's images (View Person's Images) is enabled if the operator has a role with one of the following permissions:

Add Person
Approve Person
Edit Person
Edit PIV Applicant
Request Card
Request Replacement Card
Unapprove Person
View Person

If the operator account has access to any of these permissions, it can use the corresponding API call:

GET /api/People/{id}/images/{imageField}

For information on setting role permissions, see the Roles section in the Administration Guide.

Note: As development of the API proceeds in advance of the development of the MyID Operator Client, you may find some API features that do not correspond to Operator Client features. These features do not have role-based restrictions placed on them; however, the object of the operations will always respect the scope of the operator user.

The following table lists the options that appear in the Edit Roles workflow in MyID Desktop, the MyID Operator Client features to which they map, and the corresponding API calls.

Option in Edit Roles	MyID Operator Client feature	Verb	API Path
Add Group	View Group	GET	/api/Groups/{id}
	Search Group	GET	/api/Groups
	Add Group	POST	/api/Groups
Add Person	View Person	GET	/api/People/{id}
	Add Person	POST	/api/People
	View Person's Images	GET	/api/People/{id}/images/{imageField}
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
Amend Group	View Group	GET	/api/Groups/{id}
	Search Group	GET	/api/Groups
	Edit Group	PATCH	/api/Groups/{id}
Approve Person	View Person	GET	/api/People/{id}
	Search Person	GET	/api/People
	View Person's Images	GET	/api/People/{id}/images/{imageField}
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
Cancel Credential	View Person	GET	/api/People/{id}
	Search Person	GET	/api/People
	Devices	GET	/api/People/{id}/devices
	View Device	GET	/api/Devices/{id}
	Search Device	GET	/api/Devices
	Cancel Device	POST	/api/Devices/{id}/cancel
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
Cancel Request	View Request	GET	/api/Requests/{id}
	Search Requests	GET	/api/Requests
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
Edit Person	View Person	GET	/api/People/{id}
	Search Person	GET	/api/People
	Edit Person	PATCH	/api/People/{id}
	View Person's Images	GET	/api/People/{id}/images/{imageField}
	Disable Person	POST	/api/People/{id}/disable
	Enable Person	POST	/api/People/{id}/enable
	Search Group	GET	/api/Groups
	Edit Person (Directory)	PATCH	/api/Dirs/{directoryId}/people/{dirPersonId}
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
	Browse Directory Root	GET	/api/Dirs/{directoryId}/groups/browse
	Browse Directory Groups	GET	/api/Dirs/{directoryId}/groups/browse/{dirGroupId}
	Search Person (Directory)	GET	/api/Dirs/{directoryId}/people
	View Person (Directory)	GET	/api/Dirs/{directoryId}/people/{dirPersonId}
Edit PIV Applicant	View Person	GET	/api/People/{id}
	Search Person	GET	/api/People
	View Person's Images	GET	/api/People/{id}/images/{imageField}
	Disable Person	POST	/api/People/{id}/disable
	Enable Person	POST	/api/People/{id}/enable
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Edit PIV Applicant	n/a	Does not map to an API method.
	Browse	GET	/api/Groups/browse
	Browse Directory Root	GET	/api/Dirs/{directoryId}/groups/browse
	Browse Directory Groups	GET	/api/Dirs/{directoryId}/groups/browse/{dirGroupId}
	Search Person (Directory)	GET	/api/Dirs/{directoryId}/people
	View Person (Directory)	GET	/api/Dirs/{directoryId}/people/{dirPersonId}
	Edit Person (Directory)	PATCH	/api/Dirs/{directoryId}/people/{dirPersonId}
Identify Card	View Device	GET	/api/Devices/{id}
	Search Device	GET	/api/Devices
	Device Certificates	GET	/api/Devices/{id}/certificates
	Device Requests	GET	/api/Devices/{id}/requests
Remove Group	View Group	GET	/api/Groups/{id}
	Search Group	GET	/api/Groups
	Remove Group	DELETE	/api/Groups/{id}
Remove Person	View Person	GET	/api/People/{id}
	Search Person	GET	/api/People
	Remove Person	DELETE	/api/People/{id}
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
Request Card	View Person	GET	/api/People/{id}
	Search Person	GET	/api/People
	Devices	GET	/api/People/{id}/devices
	Request Device	POST	/api/People/{id}/requests
	Requests	GET	/api/People/{id}/requests
	View Person's Images	GET	/api/People/{id}/images/{imageField}
	Browse Directory Groups	GET	/api/Dirs/{directoryId}/groups/browse/{dirGroupId}
	Search Person (Directory)	GET	/api/Dirs/{directoryId}/people
	View Person (Directory)	GET	/api/Dirs/{directoryId}/people/{dirPersonId}
	Request Device	POST	/api/Dirs/{directoryId}/people/{dirPersonId}/requests
	Person's Credential Profiles (Directory)	GET	/api/Dirs/{directoryId}/people/{dirPersonId}/credprofiles
	Person's Available Credential Profiles	GET	/api/People/{id}/credProfiles
	View Request	GET	/api/Requests/{id}
	Search Requests	GET	/api/Requests
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
	Browse Directory Root	GET	/api/Dirs/{directoryId}/groups/browse
Request Replacement Card	View Person	GET	/api/People/{id}
	Search Person	GET	/api/People
	Devices	GET	/api/People/{id}/devices
	Requests	GET	/api/People/{id}/requests
	View Person's Images	GET	/api/People/{id}/images/{imageField}
	Person's Available Credential Profiles	GET	/api/People/{id}/credProfiles
	Request Replacement Device	POST	/api/Devices/{id}/replace
	Request Device Renewal	POST	/api/Devices/{id}/renew
	Device Available Credential Profiles	GET	/api/Devices/{id}/credProfiles
	View Request	GET	/api/Requests/{id}
	Search Requests	GET	/api/Requests
Unapprove Person	View Person	GET	/api/People/{id}
	Search Person	GET	/api/People
	View Person's Images	GET	/api/People/{id}/images/{imageField}
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
Validate Request	View Request	GET	/api/Requests/{id}
	Approve Request	POST	/api/Requests/{id}/approve
	Search Requests	GET	/api/Requests
	Reject Request	POST	/api/Requests/{id}/reject
	Job's Available Credential Profiles	GET	/api/Requests/{id}/credProfiles
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
View Person	View Person	GET	/api/People/{id}
	Search Person	GET	/api/People
	Devices	GET	/api/People/{id}/devices
	Requests	GET	/api/People/{id}/requests
	View Person's Images	GET	/api/People/{id}/images/{imageField}
	View Request	GET	/api/Requests/{id}
	View Person (Directory)	GET	/api/Dirs/{directoryId}/people/{dirPersonId}
	Search Requests	GET	/api/Requests
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
	Browse Directory Root	GET	/api/Dirs/{directoryId}/groups/browse
	Browse Directory Groups	GET	/api/Dirs/{directoryId}/groups/browse/{dirGroupId}
	Search Person (Directory)	GET	/api/Dirs/{directoryId}/people
View User Audit	View Person	GET	/api/People/{id}
	Search Person	GET	/api/People
	History	GET	/api/People/{id}/history
	Search Group	GET	/api/Groups
	Browse Groups	GET	/api/Groups/{id}/browse
	Browse	GET	/api/Groups/browse
	View Audit	GET	/api/Audits/{id}
	Audit Details	GET	/api/Audits/{id}/details

2.2.1 Scope

The MyID Core API respects the scope of the operator account used to access the API. For example, if you are using an operator account in the Finance department that has a role with a scope of Department, that account can view and access only the people (and their devices, requests, and so on) who are in the Finance department.

For information on setting roles and scope permissions, see the Scope and security section in the Administration Guide.