Quick Start

Use the information in this topic to get started with the Oracle Access Governance REST APIs. For example, you can manage access bundles, raise an access request to a resource for an identity, get a list of orchestrated systems and their associated account profiles, or perform fine-grained control by fetching a list of permission attributes.

Prerequisites

If you're new to REST APIs, make sure you understand the basics of REST and JSON, and review Oracle Access Governance terminology.

You must understand, configure and install the following prerequisites:

| Prerequisites | More Information |
|---|---|
| Oracle Access Governance | subscribed to Oracle Access Governance Premium license |
| Install cURL | Use cURL |
| Configure prerequisites | Key prerequisites for configuration |
| Set up authentication | Authenticate and Authorize |
| Understand Response Codes | status-codes |

Tip:

To simplify testing, download the Swagger specifications using the download icon on the left, and import the spec in your preferred REST client tool.

Latest API Version

Include the version value when sending your requests. The latest API version is 20250331.

You can set this value as a global variable in your REST client tool, for example versionId = 20250331.

Task 1: Obtain Account Information and API Version Details

From your Oracle Cloud account administrator, obtain the appropriate account credentials to enable you to use Oracle Access Governance REST APIs. Specifically, you will need:
| Details | Reference |
|---|---|
| Configure Prerequisites | Key prerequisites for configuration |
| Fetch Oracle Access Governance Service Instance URL | Fetch Oracle Access Governance Service Instance URL and Fetch Confidential OAuth Application Details for Authorization |
| Get the Identity Domain URL for generating the Bearer Token | Get the OCI IAM Domain URL |
| Assign application role to the Confidential application. The application role you require depends on the REST API operation you want to perform and is the same as the application role required to perform the same operation on the Console. | Application Roles and Responsibilities Reference |

Task 2: Understand URL construct for Sending Requests

Use the following format to construct your URL:
https://${host/service-instance-url}/path/resource-path

For example:
https://mock-demo.cp.access-governance.oci.example.com/access-governance/access-controls/${versionId}/accessBundles

Note:

For more details on Supported Methods, Supported Headers, and Standard Query Parameters, check Send Requests.

Task 3: Send your Sample Request

After you have set up your REST client and generated the access token, you can send a request to confirm that your connection works. For example, suppose you want to get a list of all the access bundles. You can use the following cURL command:

Request
curl -i -X GET \
   -H "Authorization:Bearer <Your access token>" \
 '${service-instance-url}/access-governance/access-controls/${versionId}/accessBundles'

Use the GET method, and include the Bearer access token in the Authorization HTTP header when you make REST API calls to:

${service-instance-url}/access-governance/access-controls/${versionId}/accessBundles

Figure - Sample GET Request using the REST API Client Tool: Requesting a list of all Access Bundles
Response

If the request is successful, then you should receive a 200 response with a body such as the following:

Response Body
{
    "items": [
        {
            "id": "0f123-b123-4c09-b4a5-423454",
            "name": "Permission-Test",
            "description": "",
            "createdBy": {
                "id": "globalId.OCI.OCI-System.abcd",
                "name": "Bill Clark",
                "displayName": "Bill Clark",
                "owners": null
            },
            "timeCreatedOn": "2025-03-10T04:25:39.971Z",
            "timeUpdatedOn": "2025-03-10T04:25:39.971Z",
            "requestableBy": "Anyone",
            "approvalWorkflowId": "NO_APPROVAL_REQUIRED",
            "target": {
                "id": "01234-51f0-4593-8701-30b2333333",
                "name": "OCI-System",
                "displayName": "OCI-System",
                "owners": null
            },
            "accessBundleType": "PERMISSION_BUNDLE",
            "status": "ACTIVE",
            "tags": null,
            "managedBy": null,
            "customAttributes": null,
            "isAgManaged": true,
            "primaryOwner": {
                "value": "globalId.OCI.OCI-System.3ad438f23537ed9c45184cxxxx73d23",
                "displayName": "Bill Clark"
            },
            "isOwner": false,
            "isAccountProfileExists": false,
            "accountProfileId": null,
            "accountProfileName": null
        }
    ]
}
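
The request from Task 2 and Task 3 as a small shell script, added here as an example and not part of Oracle's documentation: it refuses a service instance URL that is not HTTPS and hands the Bearer token to curl on stdin so that it does not show up in the process list or shell history. AG_INSTANCE_URL, AG_ACCESS_TOKEN, build_url and list_access_bundles are assumed names chosen for this example.

```shell
#!/bin/sh
# Added example, not Oracle's code. AG_INSTANCE_URL and AG_ACCESS_TOKEN are
# assumed environment variable names; both functions are hypothetical helpers.

VERSION_ID="${VERSION_ID:-20250331}"   # API version given on this page

# Build the accessBundles URL from Task 2. Rejects a base URL that is not
# HTTPS (the Bearer token would travel in cleartext) and a non-numeric version.
build_url() {
  ag_base="${1%/}"                     # tolerate one trailing slash
  case "$ag_base" in
    https://?*) ;;
    *) echo "service instance URL must start with https://" >&2; return 1 ;;
  esac
  case "$2" in
    ''|*[!0-9]*) echo "versionId must be numeric" >&2; return 1 ;;
  esac
  printf '%s/access-governance/access-controls/%s/accessBundles\n' "$ag_base" "$2"
}

# GET the access bundles and save the JSON body to the file named in $2.
list_access_bundles() {
  ag_url="$(build_url "$1" "$VERSION_ID")" || return 1
  # Accept only the RFC 6750 Bearer token alphabet, so the token cannot
  # break out of the quoted header line in the curl config below.
  case "${AG_ACCESS_TOKEN:-}" in
    ''|*[!A-Za-z0-9._~+/=-]*) echo "access token missing or malformed" >&2; return 1 ;;
  esac
  # The header is read from stdin (--config -), not from argv. No --location:
  # curl does not follow redirects by default, so the token stays on this host.
  ag_status="$(printf 'header = "Authorization: Bearer %s"\n' "$AG_ACCESS_TOKEN" |
    curl --silent --show-error --proto '=https' --config - \
         --output "$2" --write-out '%{http_code}' "$ag_url")" || return 1
  [ "$ag_status" = "200" ] || { echo "request failed: HTTP $ag_status" >&2; return 1; }
}

# Runs only when both variables are exported; otherwise the file just
# defines the functions.
if [ -n "${AG_INSTANCE_URL:-}" ] && [ -n "${AG_ACCESS_TOKEN:-}" ]; then
  list_access_bundles "$AG_INSTANCE_URL" accessBundles.json
fi
```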