2.2 Accessing the API features
Access to features of the MyID Core API is controlled using MyID roles.
For example, the MyID Operator Client feature that allows you to view a person's images (View Person's Images) is enabled if the operator has a role with one of the following permissions:
-
Add Person
-
Approve Person
-
Edit Person
-
Edit PIV Applicant
-
Initial PIV Enrollment
-
Request Card
-
Request Replacement Card
-
Update PIV Applicant
-
Unapprove Person
-
View Person
If the operator account has access to any of these permissions, it can use the corresponding API call:
-
GET /api/People/{id}/images/{imageField}
For information on setting role permissions, see the Roles section in the Administration Guide.
Note: As development of the API proceeds in advance of the development of the MyID Operator Client, you may find some API features that do not correspond to Operator Client features. These features do not have role-based restrictions placed on them; however, the object of the operations will always respect the scope of the operator user.
The following table lists the options that appear in the Edit Roles workflow in MyID Desktop, the MyID Operator Client features to which they map, and the corresponding API calls.
Option in Edit Roles |
Feature |
Verb |
API Path |
---|---|---|---|
Add Group |
View Group |
GET |
/api/Groups/{id} |
|
Search Group |
GET |
/api/Groups |
Add Group |
POST |
/api/Groups |
|
Add Person |
View Person |
GET |
/api/People/{id} |
Add Person |
POST |
/api/People |
|
View Person's Images |
GET |
/api/People/{id}/images/{imageField} |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
All Requests |
Search Reports |
GET |
/api/Reports |
All Requests Report |
GET |
/api/Reports/300004 |
|
Amend Group |
View Group |
GET |
/api/Groups/{id} |
|
Search Group |
GET |
/api/Groups |
Edit Group |
PATCH |
/api/Groups/{id} |
|
Approve Person |
View Person |
GET |
/api/People/{id} |
Search Person |
GET |
/api/People |
|
View Person's Images |
GET |
/api/People/{id}/images/{imageField} |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
Approve Person |
POST |
/api/People/{id}/approve |
|
Archived Requests |
Search Reports |
GET |
/api/Reports |
Archived Requests Report |
GET |
/api/Reports/300002 |
|
Assigned Devices |
Search Reports |
GET |
/api/Reports |
Assigned Devices Report |
GET |
/api/Reports/290001 |
|
Assigned Devices Report |
GET |
/api/Devices/reports/290001 |
|
Cancel Credential |
View Person |
GET |
/api/People/{id} |
Search Person |
GET |
/api/People |
|
Devices |
GET |
/api/People/{id}/devices |
|
View Device |
GET |
/api/Devices/{id} |
|
Search Device |
GET |
/api/Devices |
|
Cancel Device |
POST |
/api/Devices/{id}/cancel |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
Cancel Request |
View Request |
GET |
/api/Requests/{id} |
Search Requests |
GET |
/api/Requests |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
Cancel Request |
POST |
/api/Requests/{id}/cancel |
|
Devices |
Search Reports |
GET |
/api/Reports |
Devices Report |
GET |
/api/Reports/100202 |
|
Devices Report |
GET |
/api/Devices/reports/100202 |
|
Directory Sync |
Directory Sync |
POST |
/api/People/{id}/dirSync |
Download Reports |
Download Reports |
GET |
/api/Requests/reports/{opId}/download |
Edit Person |
View Person |
GET |
/api/People/{id} |
Search Person |
GET |
/api/People |
|
Edit Person |
PATCH |
/api/People/{id} |
|
View Person's Images |
GET |
/api/People/{id}/images/{imageField} |
|
Disable Person |
POST |
/api/People/{id}/disable |
|
Enable Person |
POST |
/api/People/{id}/enable |
|
Search Group |
GET |
/api/Groups |
|
Edit Person (Directory) |
PATCH |
/api/Dirs/{directoryId}/people/{dirPersonId} |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
Browse Directory Root |
GET |
/api/Dirs/{directoryId}/groups/browse |
|
Browse Directory Groups |
GET |
/api/Dirs/{directoryId}/groups/browse/{dirGroupId} |
|
Search Person (Directory) |
GET |
/api/Dirs/{directoryId}/people |
|
View Person (Directory) |
GET |
/api/Dirs/{directoryId}/people/{dirPersonId} |
|
Edit PIV Applicant or Initial PIV Enrollment or Update PIV Applicant |
View Person |
GET |
/api/People/{id} |
Search Person |
GET |
/api/People |
|
View Person's Images |
GET |
/api/People/{id}/images/{imageField} |
|
Disable Person |
POST |
/api/People/{id}/disable |
|
Enable Person |
POST |
/api/People/{id}/enable |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
Browse Directory Root |
GET |
/api/Dirs/{directoryId}/groups/browse |
|
Browse Directory Groups |
GET |
/api/Dirs/{directoryId}/groups/browse/{dirGroupId} |
|
Search Person (Directory) |
GET |
/api/Dirs/{directoryId}/people |
|
View Person (Directory) |
GET |
/api/Dirs/{directoryId}/people/{dirPersonId} |
|
|
Edit Person (Directory) |
PATCH |
/api/Dirs/{directoryId}/people/{dirPersonId} |
Identify Card |
View Device |
GET |
/api/Devices/{id} |
Search Device |
GET |
/api/Devices |
|
Device Certificates |
GET |
/api/Devices/{id}/certificates |
|
Device Requests |
GET |
/api/Devices/{id}/requests |
|
People |
Search Reports |
GET |
/api/Reports |
People Report |
GET |
/api/Reports/100102 |
|
People Report |
GET |
/api/People/reports/100102 |
|
Remove Group |
View Group |
GET |
/api/Groups/{id} |
|
Search Group |
GET |
/api/Groups |
Remove Group |
DELETE |
/api/Groups/{id} |
|
Remove Person |
View Person |
GET |
/api/People/{id} |
|
Search Person |
GET |
/api/People |
|
Remove Person |
DELETE |
/api/People/{id} |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
Browse |
GET |
/api/Groups/browse |
|
Request Card |
View Person |
GET |
/api/People/{id} |
Search Person |
GET |
/api/People |
|
Devices |
GET |
/api/People/{id}/devices |
|
Request Device |
POST |
/api/People/{id}/requests |
|
Requests |
GET |
/api/People/{id}/requests |
|
View Person's Images |
GET |
/api/People/{id}/images/{imageField} |
|
Browse Directory Groups |
GET |
/api/Dirs/{directoryId}/groups/browse/{dirGroupId} |
|
Search Person (Directory) |
GET |
/api/Dirs/{directoryId}/people |
|
View Person (Directory) |
GET |
/api/Dirs/{directoryId}/people/{dirPersonId} |
|
Request Device |
POST |
/api/Dirs/{directoryId}/people/{dirPersonId}/requests |
|
Person's Credential Profiles (Directory) |
GET |
/api/Dirs/{directoryId}/people/{dirPersonId}/credprofiles |
|
Person's Available Credential Profiles |
GET |
/api/People/{id}/credProfiles |
|
View Request |
GET |
/api/Requests/{id} |
|
Search Requests |
GET |
/api/Requests |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
Browse Directory Root |
GET |
/api/Dirs/{directoryId}/groups/browse |
|
Request Replacement Card |
View Person |
GET |
/api/People/{id} |
Search Person |
GET |
/api/People |
|
Devices |
GET |
/api/People/{id}/devices |
|
Requests |
GET |
/api/People/{id}/requests |
|
View Person's Images |
GET |
/api/People/{id}/images/{imageField} |
|
Person's Available Credential Profiles |
GET |
/api/People/{id}/credProfiles |
|
Request Replacement Device |
POST |
/api/Devices/{id}/replace |
|
Request Device Renewal |
POST |
/api/Devices/{id}/renew |
|
Device Available Credential Profiles |
GET |
/api/Devices/{id}/credProfiles |
|
View Request |
GET |
/api/Requests/{id} |
|
Search Requests |
GET |
/api/Requests |
|
Requests |
Search Reports |
GET |
/api/Reports |
Requests Report |
GET |
/api/Reports/100406 |
|
Requests Report |
GET |
/api/Requests/reports/100406 |
|
Send Auth Code for Activation |
Send Auth Code (for activation) |
POST |
/api/Devices/{id}/codes/sendActivationCode |
Get delivery mechanisms (for activation) |
GET |
/api/Devices/{id}/codes/deliveryMechanisms |
|
Get lifetimes (for activation) |
GET |
/api/Devices/{id}/codes/lifetimes |
|
Send Auth Code for Job Collection |
Send Auth Code (for collection) |
POST |
/api/Requests/{id}/codes/sendCollectionCode |
Get delivery mechanisms (for collection) |
GET |
/api/Requests/{id}/codes/deliveryMechanisms |
|
Get lifetimes (for collection) |
POST |
/api/Requests/{id}/codes/lifetimes |
|
Send Auth Code for PIN Unlock |
Send Auth Code (for PIN unlock) |
POST |
/api/Devices/{id}/codes/sendUnlockCode |
Get delivery mechanisms (for unlock) |
GET |
/api/Devices/{id}/codes/deliveryMechanisms |
|
Get lifetimes (for unlock) |
GET |
/api/Devices/{id}/codes/lifetime |
|
Unapprove Person |
View Person |
GET |
/api/People/{id} |
Search Person |
GET |
/api/People |
|
View Person's Images |
GET |
/api/People/{id}/images/{imageField} |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
Unapprove Person |
POST |
/api/People/{id}/unapprove |
|
Unassigned Devices |
Search Reports |
GET |
/api/Reports |
Unassigned Devices Report |
GET |
/api/Reports/290005 |
|
Unassigned Devices Report |
GET |
/api/Devices/reports/290005 |
|
Unrestricted Audit Report |
Search Reports |
GET |
/api/Reports |
Unrestricted Audit Report |
GET |
/api/Reports/300001 |
|
Validate Request |
View Request |
GET |
/api/Requests/{id} |
Approve Request |
POST |
/api/Requests/{id}/approve |
|
Search Requests |
GET |
/api/Requests |
|
Reject Request |
POST |
/api/Requests/{id}/reject |
|
Job's Available Credential Profiles |
GET |
/api/Requests/{id}/credProfiles |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
View Person |
View Person |
GET |
/api/People/{id} |
Search Person |
GET |
/api/People |
|
Devices |
GET |
/api/People/{id}/devices |
|
Requests |
GET |
/api/People/{id}/requests |
|
View Person's Images |
GET |
/api/People/{id}/images/{imageField} |
|
View Request |
GET |
/api/Requests/{id} |
|
View Person (Directory) |
GET |
/api/Dirs/{directoryId}/people/{dirPersonId} |
|
Search Requests |
GET |
/api/Requests |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
Browse Directory Root |
GET |
/api/Dirs/{directoryId}/groups/browse |
|
Browse Directory Groups |
GET |
/api/Dirs/{directoryId}/groups/browse/{dirGroupId} |
|
Search Person (Directory) |
GET |
/api/Dirs/{directoryId}/people |
|
View User Audit |
View Person |
GET |
/api/People/{id} |
Search Person |
GET |
/api/People |
|
History |
GET |
/api/People/{id}/history |
|
Search Group |
GET |
/api/Groups |
|
Browse Groups |
GET |
/api/Groups/{id}/browse |
|
Browse |
GET |
/api/Groups/browse |
|
View Audit |
GET |
/api/Audits/{id} |
|
Audit Details |
GET |
/api/Audits/{id}/details |
2.2.1 Scope
The MyID Core API respects the scope of the operator account used to access the API. For example, if you are using an operator account in the Finance department that has a role with a scope of Department, that account can view and access only the people (and their devices, requests, and so on) who are in the Finance department.
For information on setting roles and scope permissions, see the Scope and security section in the Administration Guide.