Overview

10/07/2024 Contributors

The BlueXP identity and access management (IAM) service provides a centralized point for managing customer and partner information. BlueXP IAM endpoints enable you to manage and control access to BlueXP resources.

If you're using BlueXP in standard mode, you no longer have a BlueXP account. Instead, you have a BlueXP organization that you manage using BlueXP IAM.

The following five components are defined within the BlueXP IAM service.

hierarchy
permission
resource and resourcegroup
role
user and usergroup

BlueXP IAM uses predefined roles that include sets of permissions which are required to manage and view data. You can have multiple roles within the same organization or set of resources.

You should verify that you have the appropriate permissions when using the BlueXP IAM API endpoints. With the appropriate permissions, you can manage an organization hierarchy modeled as folders (subdivisions of an organization using criteria such as department or region) and projects (a workspace in BlueXP). After organizing your resources into folders and projects, you can grant granular access to resources by providing organization members with permissions to specific folders and projects.

The actions available through the BlueXP IAM REST API are a superset of what's available through the web UI.

Note: Before using the API reference documentation, review the Get started section for the BlueXP APIs. For more information about the security tokens and identifiers you'll need when using the API, review the Common workflows and tasks section.

REST implementation

HTTP methods

Method Description

Method	Description
`POST`	Create an object instance
`GET`	Retrieve an object instance or collection
`PATCH`	Update an existing object
`DELETE`	Remove an existing object

POST

Create an object instance

GET

Retrieve an object instance or collection

PATCH

Update an existing object

DELETE

Remove an existing object

Request headers

Request Header Description

Request Header	Description
`Authorization`	Required. Contains a JWT access token
`X-service-request-id`	Used to tag a request with application-specific keys for improved supportability
`X-agent-id`	Contains the BlueXP Connector ID and can be included depending on the call
`X-tenancy-account-id`	Contains the account identifier and can be included depending on the call

Authorization

Required. Contains a JWT access token

X-service-request-id

Used to tag a request with application-specific keys for improved supportability

X-agent-id

Contains the BlueXP Connector ID and can be included depending on the call

X-tenancy-account-id

Contains the account identifier and can be included depending on the call

Query parameters

You can use query parameters with endpoints in the following components:

Component	Query Parameter
Resource	account (required)resourceTypeworkspaceresourceClassresourceId

Component

Query Parameter

Resource

account (required)resourceTypeworkspaceresourceClassresourceId

Response headers

This API uses the standard HTTP response headers common with all BlueXP APIs. See REST implementation for more information.

HTTP status codes

HTTP Status Code Description

HTTP Status Code	Description
`200`	OK: Returned for successful operation completion
`400`	Bad Request: Returned if the input is malformed and could not be parsed
`401`	Unauthorized: Returned if user authentication failed or the token has expired
`403`	Forbidden: Returned for authorization errors depending on the resource and token

200

OK: Returned for successful operation completion

400

Bad Request: Returned if the input is malformed and could not be parsed

401

Unauthorized: Returned if user authentication failed or the token has expired

403

Forbidden: Returned for authorization errors depending on the resource and token

Error handling

There are three processes involved with error handling and processing.

The error is logged for supportability
The error is also returned to the caller for any specific handling
The database connection is rolled back