(1.0.0)
Download OpenAPI specification:Download
IC Governor (Welle) is the next generation Access Review engine, which helps support enterprise IT security and regulatory compliance. Unlike traditional Identity Governance products, IC Governor (Welle) is light-weight in architecture. It has a responsive user interface and speedy in back-end remediation. You can manage the identity life-cycle in your organization in a secure and convenient portal.
Login
User login by scanning mobile QR
Request Body schema: application/json
A JSON object containing request body information
| hashCode | string |
| deviceId | string |
| location | string |
| version | string |
Responses
Request samples
- Payload
Content type
application/json
{- "hashCode": "nxbczftzazpdjojz",
- "deviceId": "94703EC2-0AAD-xxxxx-xxxxx-xxxxxxxxxx",
- "location": "Singapore",
- "version": "1.3"
}Response samples
- 200
- 400
Content type
application/json
{ }Register
Register a new device for a user
Request Body schema: application/json
A JSON object containing request body information
| notificationToken | string |
| nounce | string |
| deviceId | string |
| location | string |
| phoneType | string |
| version | string |
| hashCode | string |
Responses
Request samples
- Payload
Content type
application/json
{- "notificationToken": "cwZBvGYYQG2mhZl73C06k5:APA91bGdOuVpcBwp7vfSRbb2YpvnzdAyAfJQBfecKQZMP-JLgYAkD3gg_kTuSqQyCyjzgnjuX7JiIbWDl11wlG7dQBVW049sxnM-G8XbFd_xxxxx_om1KBqwMf-xxxxx-VxTzxd5XKKd",
- "nounce": "YqdrlsUyQupB+ZUqHXDMadgz0/otBmOoyYOo9QVB+fCqHM6TWnSUg7U88IIYQ5nZ0ZXEIlLaHCYz9xojHRxagw==",
- "deviceId": "94703EC2-0AAD-xxxx-xxxx-xxxxxxxxxxxx",
- "location": "Singapore",
- "phoneType": "iOS/iPhone 7 Plus",
- "version": "1.0.0",
- "hashCode": "jomjffxakhalirle"
}Response samples
- 200
- 400
- 403
Content type
application/json
{ }Users
Get the user information based on linked device ID
Request Body schema: application/json
A JSON object containing request body information
| deviceId | string |
| location | string |
| version | string |
Responses
Request samples
- Payload
Content type
application/json
{- "deviceId": "94703EC2-0AAD-xxxxx-xxxxx-xxxxxxxxxx",
- "location": "Singapore",
- "version": "1.2"
}Response samples
- 200
- 400
- 401
Content type
application/json
{- "givenName": "Max Lee",
- "roles": "manager",
- "session-jwt": "{session-jwt}",
- "userName": "maxl"
}Approval
Get a request that requires approval
path Parameters
| request-id required | string Example: 1276 request-id using |
header Parameters
| Authorization required | string Example: Bearer {session-jwt} |
| deviceId required | string Example: 94703EC2-0AAD-xxxxx-xxxxx-xxxxxxxxxx |
Responses
Response samples
- 200
- 400
- 401
- 404
Content type
application/json
{- "suspensionState": 1,
- "cachedElContext": null,
- "parentTaskId": null,
- "dueDate": null,
- "_rev": "1",
- "taskLocalVariables": { },
- "description": null,
- "activityInstanceVariables": { },
- "delegationState": null,
- "delegationStateString": null,
- "eventName": null,
- "revisionNext": 2,
- "formProperties": [
- {
- "userName": "janetl"
}, - {
- "changes": null
}, - {
- "managerDecision": null
}, - {
- "comment": null
}
], - "owner": null,
- "processDefinitionId": "oneLevelAccessRequest:4:838",
- "processInstanceId": "1027",
- "variables": {
- "approvalCode": "uyLDAG1VXcwVyl/u6aQCH1MCo6JXfbyNKElp3Q5zaTjGvj2z5ERxjrKNlcEYWxg8",
- "role": "[{\"reason\":\"Mobile team test\",\"appName\":\"SAP ECC\",\"roleName\":\"MAIN_IN_CHARGE_ROLE\",\"action\":\"ADD\"},{\"reason\":\"Mobile team test\",\"appName\":\"SAP ECC\",\"roleName\":\"PLM_ACC\",\"action\":\"ADD\"},{\"reason\":\"Mobile team test\",\"appName\":\"LDAPEndpoint\",\"roleName\":\"[LDAP] Standard Group\",\"action\":\"ADD\"},{\"reason\":\"Mobile team test\",\"appName\":\"LDAPEndpoint\",\"roleName\":\"[LDAP] Advance Group\",\"action\":\"ADD\"},{\"reason\":\"Mobile team test\",\"appName\":\"ADEndpoint\",\"roleName\":\"[AD] JIRA\",\"action\":\"ADD\"},{\"reason\":\"Mobile team test\",\"appName\":\"ADEndpoint\",\"roleName\":\"[AD] Internet Access\",\"action\":\"ADD\"},{\"reason\":\"Mobile team test\",\"appName\":\"Corporate Directory Server\",\"roleName\":\"Directory Administrators\",\"action\":\"ADD\"}]",
- "queryParams": {
- "_queryFilter": "/userName eq \"janetl\""
}, - "encryptedPayloadAsString": "{\"$crypto\":{\"type\":\"x-simple-encryption\",\"value\":{\"cipher\":\"AES/CBC/PKCS5Padding\",\"salt\":\"M6oD3TvKmEUKF1EznXPqfQ==\",\"data\":\"OzcvidJ326dFr6z8s8xlSBn01TYeMB9y4eMDsfzGKSwAl90SCqT+9hYQ4K/KdcsWVWuWWbMzNJ6si6xQwn+Gszx0M0f/v1YYSjSyqweUjjmzsPCGeq6wgfngLn5CRZqsUxX1/x0K7iQ0zeHumdzO7dc1uHTabVyfI3bRMgPHOj3qS312XIE9kEjTc6aXCgo3\",\"iv\":\"cRIvpXt7+ISKiEiMiGVdqw==\",\"key\":\"openidm-sym-default\",\"mac\":\"x95fyf9Lh9PfZuLY9HetLQ==\"}}}",
- "encodedEncryptedPayload": "%7B%22%24crypto%22%3A%7B%22type%22%3A%22x-simple-encryption%22%2C%22value%22%3A%7B%22cipher%22%3A%22AES%2FCBC%2FPKCS5Padding%22%2C%22salt%22%3A%22M6oD3TvKmEUKF1EznXPqfQ%3D%3D%22%2C%22data%22%3A%22OzcvidJ326dFr6z8s8xlSBn01TYeMB9y4eMDsfzGKSwAl90SCqT%2B9hYQ4K%2FKdcsWVWuWWbMzNJ6si6xQwn%2BGszx0M0f%2Fv1YYSjSyqweUjjmzsPCGeq6wgfngLn5CRZqsUxX1%2Fx0K7iQ0zeHumdzO7dc1uHTabVyfI3bRMgPHOj3qS312XIE9kEjTc6aXCgo3%22%2C%22iv%22%3A%22cRIvpXt7%2BISKiEiMiGVdqw%3D%3D%22%2C%22key%22%3A%22openidm-sym-default%22%2C%22mac%22%3A%22x95fyf9Lh9PfZuLY9HetLQ%3D%3D%22%7D%7D%7D",
- "approvers": "[{\"name\":\"Max Lee\",\"decision\":\"\",\"stage\":\"1\"}]",
- "finalEncodedEncryptedPayload": "%257B%2522%2524crypto%2522%253A%257B%2522type%2522%253A%2522x-simple-encryption%2522%252C%2522value%2522%253A%257B%2522cipher%2522%253A%2522AES%252FCBC%252FPKCS5Padding%2522%252C%2522salt%2522%253A%2522M6oD3TvKmEUKF1EznXPqfQ%253D%253D%2522%252C%2522data%2522%253A%2522OzcvidJ326dFr6z8s8xlSBn01TYeMB9y4eMDsfzGKSwAl90SCqT%252B9hYQ4K%252FKdcsWVWuWWbMzNJ6si6xQwn%252BGszx0M0f%252Fv1YYSjSyqweUjjmzsPCGeq6wgfngLn5CRZqsUxX1%252Fx0K7iQ0zeHumdzO7dc1uHTabVyfI3bRMgPHOj3qS312XIE9kEjTc6aXCgo3%2522%252C%2522iv%2522%253A%2522cRIvpXt7%252BISKiEiMiGVdqw%253D%253D%2522%252C%2522key%2522%253A%2522openidm-sym-default%2522%252C%2522mac%2522%253A%2522x95fyf9Lh9PfZuLY9HetLQ%253D%253D%2522%257D%257D%257D",
- "managerName": "Max Lee",
- "startUserId": "janetl",
- "rejectCode": "YXnKiqjtFoc4lCbP3NxKIB3IV3vMWqLQ8a5RLmo3xnZcu8nmSVpnFiQZ+dLTFFAv",
- "payload": {
- "code": "YXnKiqjtFoc4lCbP3NxKIB3IV3vMWqLQ8a5RLmo3xnZcu8nmSVpnFiQZ+dLTFFAv",
- "approverId": "maxl",
- "user": "8d72fded-9384-46ba-8c48-03606737bcc3"
}, - "emailApprovalParams": {
- "subject": "[IDM] Request for Access - Approval Required",
- "type": "text/html",
- "body": "<html><body>Dear Max Lee, <br/><br/>Requester, Janet Liu (janetl), raised a request for your approval. <br/><br/>Please login to the portal to approve and reject it. <br/><br/>Thank you</body></html>"
}, - "requesterName": "Janet Liu",
- "workflowType": "requestAccess",
- "changesObject": "[[action:ADD, appName:SAP ECC, reason:Mobile team test, roleName:MAIN_IN_CHARGE_ROLE], [action:ADD, appName:SAP ECC, reason:Mobile team test, roleName:PLM_ACC], [action:ADD, appName:LDAPEndpoint, reason:Mobile team test, roleName:[LDAP] Standard Group], [action:ADD, appName:LDAPEndpoint, reason:Mobile team test, roleName:[LDAP] Advance Group], [action:ADD, appName:ADEndpoint, reason:Mobile team test, roleName:[AD] JIRA], [action:ADD, appName:ADEndpoint, reason:Mobile team test, roleName:[AD] Internet Access], [action:ADD, appName:Corporate Directory Server, reason:Mobile team test, roleName:Directory Administrators]]",
- "encryptedPayload": {
- "$crypto": {
- "type": "x-simple-encryption",
- "value": {
- "cipher": "AES/CBC/PKCS5Padding",
- "salt": "M6oD3TvKmEUKF1EznXPqfQ==",
- "data": "OzcvidJ326dFr6z8s8xlSBn01TYeMB9y4eMDsfzGKSwAl90SCqT+9hYQ4K/KdcsWVWuWWbMzNJ6si6xQwn+Gszx0M0f/v1YYSjSyqweUjjmzsPCGeq6wgfngLn5CRZqsUxX1/x0K7iQ0zeHumdzO7dc1uHTabVyfI3bRMgPHOj3qS312XIE9kEjTc6aXCgo3",
- "iv": "cRIvpXt7+ISKiEiMiGVdqw==",
- "key": "openidm-sym-default",
- "mac": "x95fyf9Lh9PfZuLY9HetLQ=="
}
}
}, - "requesterId": "8d72fded-9384-46ba-8c48-03606737bcc3",
- "userFullName": "Janet Liu",
- "userManager": [
- "maxl"
], - "enduserObject": {
- "totalPagedResults": -1,
- "result": [
- {
- "preferences": {
- "marketing": false,
- "updates": false
}, - "telephoneNumber": "+6586500305",
- "devices": [
- {
- "location": "Singapore",
- "deviceId": "A41B021C-DF3C-4532-AE99-8387BA3F3988"
}, - {
- "location": "United States",
- "deviceId": "EF7D25A9-6434-4DE3-B306-EB8D3924DE56"
}, - {
- "location": "Indonesia",
- "deviceId": "2d65edc7cd525dd6"
}, - {
- "location": "Indonesia",
- "deviceId": "5a3d491db0ede799"
}, - {
- "location": "Test",
- "deviceId": "339BCE0E-D7E0-4D7D-A889-9959676412239"
}, - {
- "lastLoginTimestamp": "2020-07-24 11:24:03",
- "location": "Indonesia",
- "deviceId": "93c449b6e622dd9e"
}, - {
- "location": "United States",
- "deviceId": "339BCE0E-D7E0-4D7D-A889-995967641239"
}
], - "effectiveAssignments": [ ],
- "_rev": "421",
- "userName": "janetl",
- "accountStatus": "active",
- "password": {
- "$crypto": {
- "type": "x-simple-encryption",
- "value": {
- "cipher": "AES/CBC/PKCS5Padding",
- "salt": "0rPMRU6sXqF8bWLcEsYdCA==",
- "data": "7tsse32oZHCf3DFr/dsYeQ==",
- "iv": "+5tV4Uzbfqd7IzI6en1+6A==",
- "key": "openidm-sym-default",
- "mac": "RlZM9TqNtE6btoGWLEdjHA=="
}
}
}, - "lastSync": {
- "manageduseruser_systemCorporateADaccount": {
- "effectiveAssignments": [ ],
- "timestamp": "2020-07-01T10:30:30.616+08:00"
}, - "manageduserusersystemOpenDJEndpointaccount": {
- "effectiveAssignments": [ ],
- "timestamp": "2020-06-18T09:08:06.291+08:00"
}
}, - "effectiveRoles": [
- {
- "_ref": "managed/role/a7bdb820-0570-4e77-bc5e-0c12b9b4814e"
}
], - "sn": "Janet Liu",
- "_id": "8d72fded-9384-46ba-8c48-03606737bcc3",
- "department": "Information Systems"
}
], - "pagedResultsCookie": null
}, - "roleJson": [
- {
- "reason": "Mobile team test",
- "appName": "SAP ECC",
- "roleName": "MAIN_IN_CHARGE_ROLE",
- "action": "ADD"
}, - {
- "reason": "Mobile team test",
- "appName": "SAP ECC",
- "roleName": "PLM_ACC",
- "action": "ADD"
}, - {
- "reason": "Mobile team test",
- "appName": "LDAPEndpoint",
- "roleName": "[LDAP] Standard Group",
- "action": "ADD"
}, - {
- "reason": "Mobile team test",
- "appName": "LDAPEndpoint",
- "roleName": "[LDAP] Advance Group",
- "action": "ADD"
}, - {
- "reason": "Mobile team test",
- "appName": "ADEndpoint",
- "roleName": "[AD] JIRA",
- "action": "ADD"
}, - {
- "reason": "Mobile team test",
- "appName": "ADEndpoint",
- "roleName": "[AD] Internet Access",
- "action": "ADD"
}, - {
- "reason": "Mobile team test",
- "appName": "Corporate Directory Server",
- "roleName": "Directory Administrators",
- "action": "ADD"
}
], - "userFullNameCSV": "Janet Liu|",
- "usersFullName": [
- "Janet Liu"
], - "userName": "janetl",
- "candidateManagers": "maxl",
- "users": [
- "janetl"
], - "application": "SAP ECC\nSAP ECC\nLDAPEndpoint\nLDAPEndpoint\nADEndpoint\nADEndpoint\nCorporate Directory Server",
}, - "priority": 50,
- "suspended": false,
- "executionId": "1027",
- "taskDefinitionKey": "managerApproval",
- "candidates": {
- "candidateUsers": [
- "maxl"
], - "candidateGroups": [ ]
}, - "deleted": false,
- "createTime": "2020-07-24T11:42:30.000+08:00",
- "name": "User Access Request Approval",
- "tenantId": "",
- "_id": "1083",
- "assignee": null,
- "category": null,
- "processVariables": { },
- "queryVariables": null
}Approval listing
Get a list of requests that require approval by user
query Parameters
| userName required | string Example: userName=maxl |
header Parameters
| Authorization required | string Example: Bearer {session-jwt} |
| deviceId required | string Example: 94703EC2-0AAD-xxxxx-xxxxx-xxxxxxxxxx |
Responses
Response samples
- 200
- 400
- 401
Content type
application/json
{- "data": [
- {
- "requestedFor": [
- {
- "fullName": "Janet Liu",
- "userId": "janetl"
}
], - "requestedBy": {
- "fullName": "Janet Liu",
- "userId": "janetl"
}, - "processInstanceId": "1027",
- "createTime": "24/07/2020",
- "workflowType": "requestAccess",
- "taskId": "1083"
}, - {
- "requestedFor": [
- {
- "fullName": "Janet Liu",
- "userId": "janetl"
}
], - "requestedBy": {
- "fullName": "Janet Liu",
- "userId": "janetl"
}, - "processInstanceId": "1220",
- "createTime": "30/07/2020",
- "workflowType": "requestAccess",
- "taskId": "1276"
}, - {
- "requestedFor": [
- {
- "fullName": "Woo Beng Heng",
- "userId": "benghengw"
}
], - "requestedBy": {
- "fullName": "Woo Beng Heng",
- "userId": "benghengw"
}, - "processInstanceId": "637",
- "createTime": "29/05/2020",
- "workflowType": "requestAccess",
- "taskId": "693"
}, - {
- "requestedFor": [
- {
- "fullName": "Daniel Chin",
- "userId": "danielc"
}
], - "requestedBy": {
- "fullName": "Cindy Teo",
- "userId": "cindyt"
}, - "processInstanceId": "760",
- "createTime": "03/06/2020",
- "workflowType": "requestAccess",
- "taskId": "816"
}
]
}Approval decision
Approve a request can only be cancelled when it is still In Progress.
path Parameters
| request-id required | string Example: 1050 request-id using |
header Parameters
| Authorization required | string Example: Bearer {session-jwt} |
| deviceId required | string Example: 94703EC2-0AAD-xxxxx-xxxxx-xxxxxxxxxx |
Request Body schema: application/json
A JSON object containing request body information
| action | string |
| decision | string |
| comment | string |
Responses
Request samples
- Payload
Content type
application/json
Example
Action approve - accept
Action approve - accept
Action approve - reject
{- "action": "approve",
- "decision": "accept",
- "comment": ""
}Response samples
- 200
- 400
- 401
- 404
- 500
Content type
application/json
{- "result": true
}Tracking list
Get a list of requests that user is involved, either as a requester or approver
query Parameters
| userName required | string Example: userName=maxl |
header Parameters
| Authorization required | string Example: Bearer {session-jwt} |
| deviceId required | string Example: 94703EC2-0AAD-xxxxx-xxxxx-xxxxxxxxxx |
Responses
Response samples
- 200
- 400
- 401
Content type
application/json
{- "accessRequests": [
- {
- "approver": "Max Lee",
- "decision": "Accept",
- "appName": "SAP ECC",
- "initiator": "Janet Liu",
- "userFullName": "Janet Liu",
- "endDt": "16/09/2020",
- "approvers": [
- {
- "decision": "accept",
- "stage": "1",
- "name": "Max Lee"
}
], - "userName": "janetl",
- "roleName": "PLM_ACC",
- "startDt": "16/09/2020",
- "action": "ADD",
- "workflowType": "requestAccess",
- "comment": [
- {
- "stage": "1",
- "comment": "test"
}
], - "id": "6351",
- "status": "Completed"
}
]
}Tracking decision
Cancel a request can only be cancelled when it is still In Progress.
path Parameters
| request-id required | string Example: 1050 request-id using |
header Parameters
| Authorization required | string Example: Bearer {session-jwt} |
| deviceId required | string Example: 94703EC2-0AAD-xxxxx-xxxxx-xxxxxxxxxx |
Request Body schema: application/json
A JSON object containing request body information
| action | string |
| comment | string |
Responses
Request samples
- Payload
Content type
application/json
{- "action": "cancel",
- "comment": "this is the cancellation comment"
}Response samples
- 200
- 400
- 401
- 404
- 500
Content type
application/json
{- "result": true
}