Profile Checkout
- Print
- PDF
Profile Checkout
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
1. Check out a Profile
The POST method checks out the user profile for the given papID and envID. The papID and envID can be obtained from the Get Profiles API explained in the preceding section. The transactionID returned by this API is used to get the console access URL, the tokens for the supported applications, and to check in the profile. There are two ways to check out a profile: console access or programmatic access.
1.1 Checkout Console Access for a Profile
| POST | {{url}}/api/access/{{papID}}/environments/{{envID}}?accessType=CONSOLE |
Request Example
An example POST request for checking out user profiles is shown here:
curl --location --request POST '{{url}}/api/access/{{papID}}/environments/{{envID}}?accessType=CONSOLE' \
--header 'Authorization: TOKEN {{token}}'Response Example
An example response of the POST request for checking out user profiles is shown here:
| Status: 200 OK |
{
"accessStatusId": 13164,
"userId": 67,
"transactionId": "user1-3424rmyuw7ml1rnco24wcym",
"expiration": "2020-10-14T09:44:12Z",
"checkedOut": "2020-10-14T08:44:12Z",
"checkedIn": null,
"currentExtensionIndex": 0,
"environmentId": "1111",
"status": "checkedOut",
"statusText": "Checked Out",
"papId": "13m3ud7zer5o7uge5yle",
"accessType" : "CONSOLE"
}1.2 Checkout Programmatic Access for a Profile
| POST | {{url}}/api/access/{{papID}}/environments/{{envID}}?accessType=PROGRAMMATIC |
Note:
For Azure and GCP applications, if a service identity is used to check out a profile, a temporary service principal or service account is not created if a persistent service account is mapped to a Britive service identity.
Request Example
An example POST request for checking out user profiles is shown here:
curl --location --request POST '{{url}}/api/access/{{papID}}/environments/{{envID}}?accessType=PROGRAMMATIC' \
--header 'Authorization: TOKEN {{token}}'Response Example
An example response of the POST request for checking out user profiles is shown here:
| Status: 200 OK |
{
"accessStatusId": 13164,
"userId": 67,
"transactionId": "user1-3424rmyuw7ml1rnco24wcym",
"expiration": "2020-10-14T09:44:12Z",
"checkedOut": "2020-10-14T08:44:12Z",
"checkedIn": null,
"currentExtensionIndex": 0,
"environmentId": "1111",
"status": "checkedOut",
"statusText": "Checked Out",
"papId": "13m3ud7zer5o7uge5yle",
"accessType" : "PROGRAMMATIC"
}IC"
}1.3 Checking out a profile with Step Up Verification enabled
You get the following response after checking out a profile for which Step Up verification is enabled:
| Status: 403 |
{
"message": "Step up authentication required for {action} on consumer {consumer} - resource {resource}",
"errorCode": "PE-0028",
"extraInfo": {
"factor": "TOTP",
"alwaysPrompt": false
}
}To complete the Step Up verification with TOTP, use the following API:
| POST | {{url}}/api/step-up/authenticate/TOTP |
Request Example
An example POST request for checking out user profiles is shown here:
{
"otp": "858521"
}Response Example
{
"result": "SUCCEEDED"
}2. Tokens of a Checked out Profile
The GET method returns the tokens associated with a checked-out profile for the supported applications. The transactionID generated by the checkout API is required as the input. This API is supported by AWS, Azure, and GCP applications.
| GET | {{url}}/api/access/{{txID}}/tokens |
Request Example
An example GET request for retrieving the tokens associated with checked-out user profiles is shown here:
curl --location --request GET '{{url}}/api/access/{{txID}}/tokens' \
--header 'Authorization: TOKEN {{token}}'Response Example
An example response of the GET request for retrieving the tokens associated with checked-out user profiles is shown here:
| Status: 200 OK |
{
"accessKeyID": "AAAA",
"secretAccessKey": "BBB",
"expirationTime": "2020-10-14T09:44:12Z",
"sessionToken": "CCCC"
}3. Console Access URL of a Checked out Profile
The GET method returns the console access URL for the checked-out profile. The transactionID generated by the Checkout API is required to get the URL.
| GET | {{url}}/api/access/{{txID}}/url |
Request Example
An example GET request for retrieving the console access URL for the checked-out user profile is shown here:
curl --location --request GET '{{url}}/api/access/{{txID}}/url' \
--header 'Authorization: TOKEN {{token}}'Response Example
An example response of the GET request for retrieving console access URL for the checked-out user profile is shown here:
| Status: 200 OK |
{
"url": "https://signin.aws.amazon.com/federation?Action=login&SigninToken=AAAA"
}4. (Deprecated) Check out a Profile
The POST method checks out the user profile for the given papID and envID. The papID and envID can be obtained from the Get Profiles API explained in the preceding section. The transactionID returned by this API is used to get the console access URL, the tokens for the supported applications, and to check in the profile.
| POST | {{url}}/api/access/{{papID}}/environments/{{envID}} |
Request Example
An example POST request for checking out user profiles is shown here:
curl --location --request POST '{{url}}/api/access/{{papID}}/environments/{{envID}}' \
--header 'Authorization: TOKEN {{token}}'Response Example
An example response of the POST request for checking out user profiles is shown here:
| Status: 200 OK |
{
"accessStatusId": 13164,
"userId": 67,
"transactionId": "user1-3424rmyuw7ml1rnco24wcym",
"expiration": "2020-10-14T09:44:12Z",
"checkedOut": "2020-10-14T08:44:12Z",
"checkedIn": null,
"currentExtensionIndex": 0,
"environmentId": "1111",
"status": "checkedOut",
"statusText": "Checked Out",
"papId": "13m3ud7zer5o7uge5yle"
}Was this article helpful?
