Get Operation

Last modified 27 Feb 2024 09:31 +01:00

Description

Request for data related to a specific object. The information contains the properties and relations of this object as well as metadata and other technical information.

Safe Get

HTTP GET is a safe operation. The use of GET does not change the state of a web resource. GET will never cause a (direct) modification. This is given by the REST architectural style. We consider this to be a very good idea and this approach is adopted by midPoint REST API.

However, object retrieval in midPoint can have side effects. Maybe midPoint will find out that an account that HTTP GET is trying to retrieve does not exist. In that case midPoint consistency mechanism may be triggered and it can modify the state of the midPoint objects. Therefore, there may be indirect changes in the objects even if GET is used. However, those changes are not direct consequence of the GET operation. Those are consequence of changed environment, and they are only discovered when GET operation is in progress. Those changes would happen anyway, whether GET is used or not. It just may take a bit longer for midPoint to discover that. Therefore, we still consider GET to be a safe operation.

If you want to make sure no consistency related change might occur, use the raw option set to true in your get queries. As in this example:

 http://localhost:8080/midpoint/ws/rest/{endpoint}/{oid}?options=raw

Request

Use the HTTP GET method with your request.

GET http://localhost:8080/midpoint/ws/rest/{endpoint}/{oid}
GET http://localhost:8080/midpoint/ws/rest/self

Additionally, you have to supply header information, and optionally you can also specify query options as a parameter of your request.

For more information please have a look at the following sections.

Headers

Regarding authorization type, the "Basic" Authorization header should be used.

Authorization header example replace {Base64EncodedCredentials} with the encoded credentials
Authorization: Basic {Base64EncodedCredentials}

To specify the provided content type, please use the "Content-Type" header payload in the body:

Content type header example, other media types are supported as well
"Content-Type: application/json"

You might need to specify the accepted type of content in case you are interested in a format different from xml (default):

Accept type header example, other media types are supported as well
"Accept: application/json"
For supported media types please refer to the following section of the documentation

Supported Media Types

Body

The get operation does not need to contain any specific payload data in the body of the request.

Options and Functions

Example of usage of options:

The "get" operations support specifying options influencing the operation execution. You can find the supported options in these references:

Usable options for this type of operation

GetOperationOptionsType

Usage of Operation Options

To use a boolean based operation option with your request, append a question mark "?" to the original request URI, then type in the "option=" string after which you append the name of the option to be used.

Options can be chained with the "&" character if you want to use multiple options in your request.

Example:

?options=raw&options=resolveNames

Usage of Exclude

To exclude an attribute in the output of your request, you can specify the "exclude" parameter in your query request. The attribute which is mentioned after the equals sign will be excluded. In case of excluding multiple attributes, specify each exclude with an "&" character after each other.

Example:

?exclude=metadata&exclude=credentials/password/value

Response

Error code Meaning

1xx

Information. Stay tuned, operation is in progress.

2xx

Success. Operation finished successfully. There are two custom codes:

  • 250 for partial error which means that during processing some error occurred but some changes was executed.

  • 240 for handled error which means that there was originally error, but midPoint was able to fix this using its consistency mechanism.

In this two cases, midPoint returns the OperationResult where there details of executed operations can be found.

3xx

Redirection or "in progress". This is returned mostly to indicate two cases:

  • Operation has finished, but the results are not in this resource. Redirection is issues to point the client to the results. Typical example is creation of an object with POST to a collection web resource. In this case a new object is created, new URI is assigned and the client is redirected to this URI. Retrieving that URI provides created object and 200 status code, indicating that the operation is finished.

  • Operation is in progress (asynchronous operation). In this case midPoint API redirects the client to a task object that can be used to track progress of the operation.

4xx

Client errors. The client has sent request that cannot be processed. This indicates usual situation that are well handled by the midPoint code. Maybe the client request to create conflicting object, delete non-existent object, modification that violates the schema and so on. The OperationResult structure is usually provided in the response to provide more details about the situation.

5xx

Server errors. Situations that the server cannot handle and where the cause is unknown. This usually means bugs in the code, insufficient resources such as RAM or disk space, unforeseen failures in the infrastructure and so on. The OperationResult structure might or might not be provided in this case. Some errors are so severe that the structured error information might not be available.

Status codes and the indication of errors and asynchronous processing applies uniformly to all midPoint web resources (both RESTful and RPC).

The response is a set of identity data describing the fetched object. This example had some technical information and metadata related to the environment removed before publishing.

Show Response Example
{
  "user" : {
    "oid" : "00000000-0000-0000-0000-000000000002",
    "name" : "administrator",
    "indestructible" : true,
    "assignment" : [ {
      "@id" : 1,
      "identifier" : "superuserRole",
      "targetRef" : {
        "oid" : "00000000-0000-0000-0000-000000000004",
        "relation" : "org:default",
        "type" : "c:RoleType"
      },
      "activation" : {
        "effectiveStatus" : "enabled"
      }
    }, {
      "@id" : 2,
      "identifier" : "archetype",
      "targetRef" : {
        "oid" : "00000000-0000-0000-0000-000000000300",
        "relation" : "org:default",
        "type" : "c:ArchetypeType"
      },
      "activation" : {
        "effectiveStatus" : "enabled"
      }
    } ],
    "iteration" : 0,
    "iterationToken" : "",
    "archetypeRef" : {
      "oid" : "00000000-0000-0000-0000-000000000300",
      "relation" : "org:default",
      "type" : "c:ArchetypeType"
    },
    "roleMembershipRef" : [ {
      "oid" : "00000000-0000-0000-0000-000000000300",
      "relation" : "org:default",
      "type" : "c:ArchetypeType"
    }, {
      "oid" : "00000000-0000-0000-0000-000000000004",
      "relation" : "org:default",
      "type" : "c:RoleType"
    } ],
    "credentials" : {
      "password" : {
        "value" : {
          "clearValue" : "5ecr3t"
      }
    },
    "fullName" : "midPoint Administrator",
    "givenName" : "midPoint",
    "familyName" : "Administrator"
  }
}
}

Operation Authorizations

This section refers specifically to midPoint authorization configuration, it represents a set of permissions which is needed for the account accessing the REST interface. This way midPoint know what actions on which objects is the user permitted to execute. For more information on midPoint authorizations please see this link.

MidPoint application authorizations may sound similar to the authorization header used in REST authentication, but they are two distinct topics.

For following is a simple authorization configuration example.

Show Authorization Example
<role>
    <name>Rest Read All</name>
    <activation/>
    <authorization>
        <name>rest-interface-access</name>
        <description>Permits access to the REST interface</description>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#all</action>
    </authorization>

    <authorization>
        <name>read-all</name>
        <description>Authorized object is able to read data of all object</description>
        <action>http://midpoint.evolveum.com/xml/ns/public/security/authorization-model-3#read</action>
    </authorization>
</role>

We do not recommend to use solely the authorization configuration in this example, it is not meant for production use! Authorization configuration should be more fine-grained and specific for your use case.

Access Authorization

  • http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#getObject

  • http://midpoint.evolveum.com/xml/ns/public/security/authorization-rest-3#getSelf

Examples

Get Object in JSON format with the Raw option set to true
# Authenticating with the credentials "administrator" and password "y0uR_P455woR*d" on a localhost instance running on port 8080
curl --user administrator:y0uR_P455woR*d -H "Accept: application/json" -X GET http://localhost:8080/midpoint/ws/rest/users/00000000-0000-0000-0000-000000000002?options=raw -v
Show JSON Example

The example is simplified, some properties were removed to keep the example output "short". This example does not contain all possible properties of this object type.

{
  "user" : {
    "oid" : "00000000-0000-0000-0000-000000000002",
    "name" : "administrator",
    "indestructible" : true,
    "assignment" : [ {
      "@id" : 1,
      "identifier" : "superuserRole",
      "targetRef" : {
        "oid" : "00000000-0000-0000-0000-000000000004",
        "relation" : "org:default",
        "type" : "c:RoleType"
      },
      "activation" : {
        "effectiveStatus" : "enabled"
      }
    }, {
      "@id" : 2,
      "identifier" : "archetype",
      "targetRef" : {
        "oid" : "00000000-0000-0000-0000-000000000300",
        "relation" : "org:default",
        "type" : "c:ArchetypeType"
      },
      "activation" : {
        "effectiveStatus" : "enabled"
      }
    } ],
    "iteration" : 0,
    "iterationToken" : "",
    "archetypeRef" : {
      "oid" : "00000000-0000-0000-0000-000000000300",
      "relation" : "org:default",
      "type" : "c:ArchetypeType"
    },
    "roleMembershipRef" : [ {
      "oid" : "00000000-0000-0000-0000-000000000300",
      "relation" : "org:default",
      "type" : "c:ArchetypeType"
    }, {
      "oid" : "00000000-0000-0000-0000-000000000004",
      "relation" : "org:default",
      "type" : "c:RoleType"
    } ],
    "credentials" : {
      "password" : {
        "value" : {
          "clearValue" : "5ecr3t"
      }
    },
    "fullName" : "midPoint Administrator",
    "givenName" : "midPoint",
    "familyName" : "Administrator"
  }
}
}
Was this page helpful?
YES NO
Thanks for your feedback