A web services application programming interface (API) is exposed by Hitachi ID Identity and Access Management Suite, allowing other applications to access the workflow request queue and data about users and resources.

The API is accessed using SOAP over HTTPS with a WSDL specification. It is accessible from a wide range of platforms, including Windows and Unix, .NET and J2EE, and Perl, Python and PHP.

The Hitachi ID Identity and Access Management Suite API supports a wide range of operations, including:

  • Submitting new workflow requests. This includes requests to:
    • Create new user profiles.
    • Add login accounts to new or existing profiles.
    • Add users to or remove users from managed groups.
    • Assign roles to users or remove roles from users.
    • Get or set user identity attributes.
  • Initiating certification campaigns.
  • Searching for users, groups or roles matching specified criteria.
  • Creating, updating or deleting roles and SoD policies.
  • Getting or changing the set of authorizers attached to a request.
  • Approving or denying requests.
  • Enumerating users per entitlement or entitlements per user.
  • Running any report and consuming its output in a streamed format (e.g., orphan/dormant accounts, stale workflow requests, SoD violations).
  • Performing a variety of Hitachi ID Identity and Access Management Suite configuration tasks.

A separate REST API is also supported. With this mechanism, it is possible to define REST method calls and bind them to Python logic that runs on the Hitachi ID Identity and Access Management Suite server. That Python logic uses the (extensive) shared-memory-based API to effect changes. There are no real restrictions on what the REST API is capable of.