Organizations REST API - v2

The Organizations REST API allows you to :

  1. Retrieve information on existing organizations (internal organization IDs, associated tags, etc.)
  2. Add new organizations
  3. Move organizations (Change the parent organization)

User Permissions Required to Invoke this API call

  • Edit IQ Elements for all organizations referenced in the call

Methods supported

Examples of using GET 

1. To get an individual organization by its organization ID:

GET /api/v2/organizations/{organizationId}

Sample cURL:

curl -u admin:admin123 -X GET http://localhost:8070/api/v2/organizations/8e4f7ced6b9d462390f7df882b43c4fb

Response 

This will produce the information for the organization associated with the given organization ID in a JSON format e.g.

{
	"id": "8e4f7ced6b9d462390f7df882b43c4fb",
	"name": "org",
	"parentOrganizationId": "9b0a94c9187e46cca05866208a7d79cb"
    "tags": [{
		"id": "ad748f7bb6f54dda9932b16c7c575a99",
		"name": "Mission Critical",
 		"description": "Applications that are mission critical.",
		"color": "dark-red"
	}]
}

View Explanation of Response Fields for GET Request

2. To get a list of all organizations:

GET /api/v2/organizations?organizationName={YourOrganizationName}

Note that the query parameter organizationName is optional and if omitted will result in all of your viewable organizations.

Sample cURL (without the query parameter):

curl -u admin:admin123 -X GET 'http://localhost:8070/api/v2/organizations'

Response

This will generate a list of all of your viewable organizations and associated information in a JSON format

{
    "organizations": [
        {
            "id": "36d7e629462a4038b581488c347959bc",
            "name": "My Organization",
 			"parentOrganizationId": "9b0a94c9187e46cca05866208a7d79cb"
            "tags": [ ]
        },
        {
            "id": "f48b5344fa204a4c88df96b2d455d521",
            "name": "My Organization 2",
			"parentOrganizationId": "9b0a44c9187e46cca05866208a7d79cb"
            "tags": [
                {
                    "id": "cd8fd2f4f289445b8975092e7d3045ba",
                    "name": "Distributed",
				  	"description": "Applications that are provided for consumption outside the company",
                    "color": "yellow"
                },
                {
                    "id": "004d789684834f7c889c8b186a5ff24b",
                    "name": "Hosted",
				  	"description": "Applications that are hosted such as services or software as a service.",
                    "color": "grey"
                },
                {
                    "id": "da9e09887c754157a2113831ae7e99ac",
                    "name": "Internal",
                    "description": "Applications that are used only by your employees",
                    "color": "green"
                }
            ]
        }
    ]
}

View Explanation of Response Fields for GET Request

Examples of using POST

1. To create a new organization "My Organization." The name of the organization provided should be unique.

POST /api/v2/organizations

Payload example:

{
    "name": "My Organization"
}

Sample cURL:

curl -u admin:admin123 -X POST -H "Content-Type: application/json" -d '{"name": "My Organization"}' 'http://localhost:8070/api/v2/organizations'

Response

 A new organization will be created under the root level. The response will show the organization ID and tags created for the organization name in a JSON format 

{
    "id": "ab3d35233046480a9c30bb2437a48103",
    "name": "My Organization",
 	"parentOrganizationId": "ROOT_ORGANIZATION_ID"
    "tags": []
}

NEW IN RELEASE 156 2. To create a new organization as a sub-Org, linked to an existing organization.

This functionality supports the n-level hierarchy model.

POST /api/v2/organizations

Payload example:

{
    "name": "test-grand4-child",
    "parentOrganizationId": "9b0a94c9187e46cca05866208a7d79cb"
}

Response 

{
    "id": "9a2949f1421b4030aafa6f8e038aaf63",
    "name": "test-grand4-child",
    "parentOrganizationId": "9b0a94c9187e46cca05866208a7d79cb",
    "tags": []
}

Explanation of Response Fields for GET and POST requests

Response Field

Description

id

This is the internal ID for the organization.

nameThis is the name of the organization, and is visible in the IQ Server GUI.
tagsTags represent identifying characteristics for an application. Tags are created at the organization level, and then applied to applications. Policies can then select which tags, and in turn applications, the policy will be evaluated against.
parentOrganizationIdInternal ID of the parent organization to which the new organization is linked.
id (tags)The internal ID for the tag. This will be used when creating the application.
name (tags)The name of the tag, which is visible in the IQ Server GUI.
description (tags)Each tag is required to have a description. This description provides information related to the type of application it should be applied to.

NEW IN RELEASE 161 Examples of using PUT

Use the PUT method to change the parent organization to a new parent organization in the hierarchy. This can be used to transition an existing single organization level hierarchy to N-Level hierarchy model

PUT /api/v2/organizations/{organizationId}/move/destination/{destinationId}

where organizationId refers to the organization that is being moved and destinationId is the organization ID of the new parent in the hierarchy.

Response 

An HTTP response code 200 indicates that the organization has been successfully moved under a new parent in the hierarchy. The JSON response may list warnings if any, even if the move is successful. 

An HTTP response code 409 indicates that the organization could not be moved due to conflicts/causes listed in the "errors" response field.

{
  "errors": [
    {
      "message": "New parent org Org Level 2 is already set and in use as the parent of org Org 2 Level 3",
      "type": "PARENT_HIERARCHY"
    }
  ],
  "warnings": [
    {
      "message": "Some policy waivers that were previously inherited no longer apply in the new parent organization.",
      "type": "POLICY_WAIVER"
    }
  ]
}

Explanation of Response Fields for POST request

Response Field

Description

errors

This field will contain a list of errors that are preventing moving the organization under a new parent in the hierarchy.

Expected values for error types are TAG, POLICY, LICENSE_THREAT_GROUP, LABEL, or PARENT_HIERARCHY

warnings

This shows any license, waivers, or policy monitoring messages associated with the organization that may no longer be applicable to the new parent organization.

Expected values for warnings are: LICENSE_OVERRIDE, POLICY_MONITORING, or POLICY_WAIVER

Other Related APIs:

  1. To retrieve all the available roles for organizations, use Role REST API - v2
  2. To retrieve all users belonging to a role group or map users to a role group , use Authorization Configuration REST API - v2